IPv6 MIB Revision Design Team                                Bill Fenner
INTERNET-DRAFT                                             AT&T Research
Expires: December 2002                                  Keith McCloghrie
                                             Rajiv Raghunarayan (Editor)
                                                           Cisco Systems
                                                    Juergen Schoenwalder
                                                         TU Braunschweig
                                                               June 2002


                       Management Information Base
              for the Transmission Control Protocol (TCP)
                  draft-ietf-ipv6-rfc2012-update-00.txt


Status of this Document

   This document is an Internet-Draft and is in full conformance with all
   provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering Task
   Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is a product of the IPv6 MIB Revision Design Team.
   Comments should be addressed to the editor/authors or the mailing
   list at ipng@sunroof.eng.sun.com.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects used for implementations
   of the Transmission Control Protocol (TCP) [5] in an IP version
   independent manner.

Table of Contents

   1.  The SNMP Management Framework
   2.  Revision History
   3.  Overview
   4.  Definitions
   5.  Open Issues
   6.  Acknowledgements
   7.  References
   8.  Security Considerations
   9.  Editor's Address
   10. Authors
   11. Full Copyright Statement

1.  The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [7].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD 16,
      RFC 1155 [8], STD 16, RFC 1212 [9] and RFC 1215 [10].  The second
      version, called SMIv2, is described in STD 58, RFC 2578 [11], STD 58,
      RFC 2579 [12] and STD 58, RFC 2580 [13].

   o  Message protocols for transferring management information.  The first
      version of the SNMP message protocol is called SNMPv1 and described
      in STD 15, RFC 1157 [14].  A second version of the SNMP message
      protocol, which is not an Internet standards track protocol, is
      called SNMPv2c and described in RFC 1901 [15] and RFC 1906 [16].  The
      third version of the message protocol is called SNMPv3 and described
      in RFC 1906 [16], RFC 2572 [17] and RFC 2574 [18].

   o  Protocol operations for accessing management information.  The first
      set of protocol operations and associated PDU formats is described in
      STD 15, RFC 1157 [14].  A second set of protocol operations and
      associated PDU formats is described in RFC 1905 [19].

   o  A set of fundamental applications described in RFC 2573 [20] and the
      view-based access control mechanism described in RFC 2575 [21].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [22].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are defined
   using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

2.  Revision History

   Changes from draft-ietf-ipngwg-rfc2012-update-01.txt:

   27 June 2002

      Replaced all occurrences of the term packets to segments, to be
      consistent with the TCP specification.

      Added limits to tcpRtoMin, tcpRtoMax and tcpMaxConn.

      Added the scalar, tcpListenerTableLastChange.

      Updated the description of tcpConnectionLocalAddress - removed
      reference to 'listen' state.

      Updated the description of tcpConnection*Octets to explicitly
      indicate whether the count includes the TCP header octets.

      Updated the description of tcpConnectionStartTime and
      tcpListenerStartTime - added clarifying text.

      Renamed tcpConnectionProcessID to tcpConnectionProcess.

      Updated the description of tcpListenerTable.

      Updated the description of tcpListenerLocalAddressType to include
      unknown (0) as a valid value.

      Updated the description of tcpListenerLocalAddress - the value
      ''h (zero-length octet-string) represents the case wherein an
      application is willing to accept connections for any IP interface
      associated with the node.

      Removed tcpListenerRemAddressType.

      Removed tcpListenerHCConnectionsTimedOut and
      tcpListenerHCConnectionsAccepted.  Added them to open issues, to
      be added iff deemed required after discussions.

      Renamed tcpListenerConnectionsAccepted to tcpListenerEstablished
      and tcpListenerConnectionsTimedOut to tcpListenerTimeOuts.

      Renamed tcpListenerProcessID to tcpListenerProcess.

      Updated compliance statement for the object tcpConnectionState -
      support for the value 'deleteTCB (12)' deemed optional.

      Added RFC 2790 and RFC 2287 to the References section.

      Updated Contact-Info and Editor's address.

      Added Authors section.

   Changes from draft-ietf-ipngwg-rfc2012-update-00.txt:

   14 November 2001

      Added HC versions of connection counters.

      Added Listener table, with counters for accepted and timed out
      connection attempts.

      Added tcp{Connection,Listener}ProcessID to index into SYSAPPL-MIB
      or HOST-RESOURCES-MIB.

      Removed tcpConnectionRemAddrType, it must be the same as
      tcpConnectionLocalAddrType.

   Changes from draft-ops-rfc2012-update-00.txt

   12 Jul 2001

      Turned into IPNG WG document

      Added tcpCountersGroup for per-connection counters

   Changes from first draft posted to v6mib mailing list:

   23 Feb 2001

      Made threshold for HC packet counters 1Mpps

      Added copyright statements and table of contents

   21 Feb 2001 -- Juergen's changes

      Renamed tcpInetConn* to tcpConnection*

      Updated Conformance info

      Added missing tcpConnectionState and tcpConnState objects to
      SEQUENCEs

   6 Feb 2001

      Removed v6-only objects.

      Renamed inetTcp* to tcpInet*

      Added SIZE restriction to InetAddress index objects.  (36 =
      32-byte addresses plus 4-byte scope, but it's just a strawman)

      Used InetPortNumber TC from updated INET-ADDRESS-MIB

      Updated compliance statements.

      Added Keith to authors

      Added open issues section.

   Changes from RFC 2012

      Deprecated tcpConnTable

      Added tcpConnectionTable

3.  Overview

   The current TCP-MIB defined in this memo consists of two tables and
   a group of scalars:

   -  The tcp group of scalars reports parameters and statistics of a
      TCP protocol engine.  Three scalars have been added to this group
      since the publication of RFC 2012.  The first two, tcpHCInSegs
      and tcpHCOutSegs, provide high-capacity counters for fast
      networks.  The third one, tcpListenerTableLastChange, provides
      management stations with an easier mechanism to validate their
      listener caches.

   -  The tcpConnectionTable provides access to status information for
      all TCP connections handled by a TCP protocol engine.  The table
      also contains basic per connection statistics such as the number
      of segments/octets received and sent, and it reports the
      identification of the operating system level processes which
      handle TCP connections and the start time of a connection.

   -  The tcpListenerTable provides access to information about all TCP
      listening endpoints known by a TCP protocol engine.  The table
      also contains basic per listening endpoint statistics such as the
      number of connections established (tcpListenerEstablished) and the
      number of connections that timed out (tcpListenerTimeOuts).
      Together, tcpListenerEstablished and tcpListenerTimeOuts also
      provide an indication of the total number of connections accepted.
      Finally, the tcpListenerTable also reports the identification of
      the operating system level process which handles this listening
      TCP endpoint and the start time when the listening endpoint was
      created.

3.1  Relationship to Other MIBs

   This section discusses the relationship of this TCP-MIB module to
   other MIB modules.

3.1.1  Relationship to RFC1213-MIB

   TCP related MIB objects were originally defined as part of the
   RFC1213-MIB defined in RFC 1213 [2].  The TCP related objects of
   the RFC1213-MIB were later copied into a separate MIB module and
   published in RFC 2012 [3] in SMIv2 format.

   The previous versions of the TCP-MIB both defined the tcpConnTable,
   which has been deprecated for basically two reasons:

   (1)  The tcpConnTable only supports IPv4.

        The current approach in the IETF is to write IP version neutral
        MIBs rather than having different definitions for various
        versions of IP.  This reduces the amount of overhead when new
        objects are introduced since there is only one place to add
        them.  Hence, the approach taken in RFC 2452 of having separate
        tables is not continued.

   (2)  The tcpConnTable mixes listening endpoints with connections.

        It turns out that connections tend to have a different behaviour
        and management access pattern compared to listening endpoints.
        Splitting the original tcpConnTable into two tables thus allows
        specific status and statistic objects to be added for listening
        endpoints and connections.

3.1.2  Relationship to IPV6-TCP-MIB

   The IPV6-TCP-MIB defined in RFC 2452 has been moved to Historic
   since the approach of having separate IP version specific tables is
   not followed anymore.  Implementation of RFC 2452 is thus not
   suggested anymore.

3.1.3  Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB

   The tcpConnectionTable and the tcpListenerTable report the
   identification of the operating system level process which handles
   a connection or a listening endpoint.  The value is reported as an
   Unsigned32 which is expected to be the same as the hrSWRunIndex of
   the HOST-RESOURCES-MIB (RFC 2790 [24]) (if the value is smaller
   than 2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB
   (RFC 2287 [23]).  This allows management applications to identify the
   TCP connections that belong to an operating system level process,
   which has proven to be valuable in operational environments.

4.  Definitions

   TCP-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
       Gauge32, Counter32, Counter64, IpAddress, mib-2
                                          FROM SNMPv2-SMI
       TimeStamp                          FROM SNMPv2-TC
       MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
       InetAddress, InetAddressType,
       InetPortNumber                     FROM INET-ADDRESS-MIB;

   tcpMIB MODULE-IDENTITY
       LAST-UPDATED "200206220000Z"
       ORGANIZATION "IETF IPv6 MIB Revision Team"
       CONTACT-INFO
              "Rajiv Raghunarayan (editor)

               Cisco Systems Inc.
               170 West Tasman Drive
               San Jose, CA 95134

               Phone: +1 408 853 9612
               Email: "
       DESCRIPTION
              "The MIB module for managing TCP implementations."
       REVISION      "200206220000Z"
       DESCRIPTION
              "IP version neutral revision, published as RFC XXXX."
       REVISION      "9411010000Z"
       DESCRIPTION
              "Initial SMIv2 version, published as RFC 2012."
       REVISION      "9103310000Z"
       DESCRIPTION
              "The initial revision of this MIB module was part of
               MIB-II."
       ::= { mib-2 49 }

   -- the TCP base variables group

   tcp      OBJECT IDENTIFIER ::= { mib-2 6 }

   -- Scalars

   tcpRtoAlgorithm OBJECT-TYPE
       SYNTAX      INTEGER {
                       other(1),    -- none of the following
                       constant(2), -- a constant rto
                       rsre(3),     -- MIL-STD-1778, Appendix B
                       vanj(4)      -- Van Jacobson's algorithm [1]
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The algorithm used to determine the timeout value used for
               retransmitting unacknowledged octets."
       ::= { tcp 1 }

   tcpRtoMin OBJECT-TYPE
       SYNTAX      Integer32 (0..2147483647)
       UNITS       "milliseconds"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The minimum value permitted by a TCP implementation for the
               retransmission timeout, measured in milliseconds.  More
               refined semantics for objects of this type depend upon the
               algorithm used to determine the retransmission timeout.  In
               particular, when the timeout algorithm is rsre(3), an
               object of this type has the semantics of the LBOUND
               quantity described in RFC 793."
       ::= { tcp 2 }

   tcpRtoMax OBJECT-TYPE
       SYNTAX      Integer32 (0..2147483647)
       UNITS       "milliseconds"
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The maximum value permitted by a TCP implementation for the
               retransmission timeout, measured in milliseconds.  More
               refined semantics for objects of this type depend upon the
               algorithm used to determine the retransmission timeout.  In
               particular, when the timeout algorithm is rsre(3), an
               object of this type has the semantics of the UBOUND
               quantity described in RFC 793."
       ::= { tcp 3 }

   tcpMaxConn OBJECT-TYPE
       SYNTAX      Integer32 (-1 | 0..2147483647)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The limit on the total number of TCP connections the entity
               can support.
               In entities where the maximum number of
               connections is dynamic, this object should contain the
               value -1."
       ::= { tcp 4 }

   tcpActiveOpens OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of times TCP connections have made a direct
               transition to the SYN-SENT state from the CLOSED state."
       ::= { tcp 5 }

   tcpPassiveOpens OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of times TCP connections have made a direct
               transition to the SYN-RCVD state from the LISTEN state."
       ::= { tcp 6 }

   tcpAttemptFails OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of times TCP connections have made a direct
               transition to the CLOSED state from either the SYN-SENT
               state or the SYN-RCVD state, plus the number of times TCP
               connections have made a direct transition to the LISTEN
               state from the SYN-RCVD state."
       ::= { tcp 7 }

   tcpEstabResets OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of times TCP connections have made a direct
               transition to the CLOSED state from either the ESTABLISHED
               state or the CLOSE-WAIT state."
       ::= { tcp 8 }

   tcpCurrEstab OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of TCP connections for which the current state
               is either ESTABLISHED or CLOSE-WAIT."
       ::= { tcp 9 }

   tcpInSegs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments received, including those
               received in error.  This count includes segments received
               on currently established connections."
       ::= { tcp 10 }

   tcpOutSegs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments sent, including those on
               current connections but excluding those containing only
               retransmitted octets."
       ::= { tcp 11 }

   tcpRetransSegs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments retransmitted - that is, the
               number of TCP segments transmitted containing one or more
               previously transmitted octets."
       ::= { tcp 12 }

   tcpInErrs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments received in error (e.g., bad
               TCP checksums)."
       ::= { tcp 14 }

   tcpOutRsts OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of TCP segments sent containing the RST flag."
       ::= { tcp 15 }

   -- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
   -- which has since been obsoleted.  It MUST NOT be used.

   tcpHCInSegs OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments received, including those
               received in error, on systems that can receive more than 1
               million TCP segments per second.  This count includes
               segments received on currently established connections."
       ::= { tcp 17 }

   tcpHCOutSegs OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The total number of segments sent, including those on
               current connections but excluding those containing only
               retransmitted octets, on systems that can transmit more
               than 1 million TCP segments per second."
       ::= { tcp 18 }

   tcpListenerTableLastChange OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The value of sysUpTime at the time of the last
               creation or deletion of an entry in the tcpListenerTable.
               If the number of entries has been unchanged since the
               last re-initialization of the local network management
               subsystem, then this object contains a zero value."
       ::= { tcp 19 }

   -- The TCP Connection table

   tcpConnectionTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF TcpConnectionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "A table containing information about existing TCP
               connections.  Note that unlike earlier TCP MIBs, there
               is a separate table for connections in the LISTEN state."
       ::= { tcp 20 }

   tcpConnectionEntry OBJECT-TYPE
       SYNTAX      TcpConnectionEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "A conceptual row of the tcpConnectionTable containing
               information about a particular current TCP connection.
               Each row of this table is transient, in that it ceases to
               exist when (or soon after) the connection makes the
               transition to the CLOSED state."
       INDEX       { tcpConnectionLocalAddressType,
                     tcpConnectionLocalAddress,
                     tcpConnectionLocalPort,
                     tcpConnectionRemAddress,
                     tcpConnectionRemPort }
       ::= { tcpConnectionTable 1 }

   TcpConnectionEntry ::= SEQUENCE {
           tcpConnectionLocalAddressType   InetAddressType,
           tcpConnectionLocalAddress       InetAddress,
           tcpConnectionLocalPort          InetPortNumber,
           tcpConnectionRemAddress         InetAddress,
           tcpConnectionRemPort            InetPortNumber,
           tcpConnectionState              INTEGER,
           tcpConnectionInSegs             Counter32,
           tcpConnectionOutSegs            Counter32,
           tcpConnectionInOctets           Counter32,
           tcpConnectionOutOctets          Counter32,
           tcpConnectionHCInSegs           Counter64,
           tcpConnectionHCOutSegs          Counter64,
           tcpConnectionHCInOctets         Counter64,
           tcpConnectionHCOutOctets        Counter64,
           tcpConnectionStartTime          TimeStamp,
           tcpConnectionProcess            Unsigned32
       }

   tcpConnectionLocalAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The address type of tcpConnectionLocalAddress.  Only IPv4
               and IPv6 addresses are expected."
       ::= { tcpConnectionEntry 1 }

   tcpConnectionLocalAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE(0..36))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The local IP address for this TCP connection."
       ::= { tcpConnectionEntry 2 }

   tcpConnectionLocalPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The local port number for this TCP connection."
       ::= { tcpConnectionEntry 3 }

   tcpConnectionRemAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE(0..36))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The remote IP address for this TCP connection."
       ::= { tcpConnectionEntry 4 }

   tcpConnectionRemPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The remote port number for this TCP connection."
       ::= { tcpConnectionEntry 5 }

   tcpConnectionState OBJECT-TYPE
       SYNTAX      INTEGER {
                       closed(1),
                       listen(2),      -- do we need this here???
                       synSent(3),
                       synReceived(4),
                       established(5),
                       finWait1(6),
                       finWait2(7),
                       closeWait(8),
                       lastAck(9),
                       closing(10),
                       timeWait(11),
                       deleteTCB(12)
                   }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
              "The state of this TCP connection.

               The value listen(2) is included only for parallelism to the
               old tcpConnTable, and should not be used.  A connection in
               LISTEN state should be present in the tcpListenerTable.

               The only value which may be set by a management station is
               deleteTCB(12).  Accordingly, it is appropriate for an agent
               to return a `badValue' response if a management station
               attempts to set this object to any other value.

               If a management station sets this object to the value
               deleteTCB(12), then this has the effect of deleting the TCB
               (as defined in RFC 793) of the corresponding connection on
               the managed node, resulting in immediate termination of the
               connection.

               As an implementation-specific option, a RST segment may be
               sent from the managed node to the other TCP endpoint (note
               however that RST segments are not sent reliably)."
       ::= { tcpConnectionEntry 6 }

   tcpConnectionInSegs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of segments, including control segments without
               payload and retransmitted segments, received on this
               connection."
       ::= { tcpConnectionEntry 7 }

   tcpConnectionOutSegs OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of segments, including control segments without
               payload and retransmitted segments, transmitted on this
               connection."
       ::= { tcpConnectionEntry 8 }

   tcpConnectionInOctets OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of octets, including the TCP header, received on
               this connection.  This count includes retransmitted data."
       ::= { tcpConnectionEntry 9 }

   tcpConnectionOutOctets OBJECT-TYPE
       SYNTAX      Counter32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of octets, including the TCP header, transmitted
               on this connection.  This count includes retransmitted
               data."
       ::= { tcpConnectionEntry 10 }

   tcpConnectionHCInSegs OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of segments, including control segments without
               payload and retransmitted segments, received on this
               connection.  This is the 64-bit equivalent of the
               tcpConnectionInSegs counter."
       ::= { tcpConnectionEntry 11 }

   tcpConnectionHCOutSegs OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of segments, including control segments without
               payload and retransmitted segments, transmitted on this
               connection.  This is the 64-bit equivalent of the
               tcpConnectionOutSegs counter."
       ::= { tcpConnectionEntry 12 }

   tcpConnectionHCInOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of octets, including the TCP header, received on
               this connection.  This count includes retransmitted data.
               This counter is the 64-bit equivalent of the
               tcpConnectionInOctets counter."
       ::= { tcpConnectionEntry 13 }

   tcpConnectionHCOutOctets OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The number of octets, including the TCP header, transmitted
               on this connection.  This count includes retransmitted
               data.
               This counter is the 64-bit equivalent of the
               tcpConnectionOutOctets counter."
       ::= { tcpConnectionEntry 14 }

   tcpConnectionStartTime OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The value of sysUpTime at the time this connection was
               established.  The value of this object will be zero
               - before the connection enters the established state, or
               - if the established state was entered prior to the last
                 re-initialization of the local network management
                 subsystem."
       ::= { tcpConnectionEntry 15 }

   tcpConnectionProcess OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
              "The system's process ID for the process associated with
               this connection, or zero if there is no such process.  This
               value is expected to be the same as HOST-RESOURCES-MIB::
               hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
               row in the appropriate tables."
       ::= { tcpConnectionEntry 16 }

   -- The TCP Listener table

   tcpListenerTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF TcpListenerEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "A table containing information about TCP listeners.  A
               listening application can be represented in three
               possible ways:

               1. An application that is willing to accept both IPv4 and
                  IPv6 datagrams is represented by
                  tcpListenerLocalAddressType of unknown (0) and
                  tcpListenerLocalAddress of ''h (a zero-length
                  octet-string).

               2. An application which is willing to accept only IPv4 or
                  IPv6 datagrams is represented by a
                  tcpListenerLocalAddressType of the appropriate address
                  type and tcpListenerLocalAddress of ''h (a zero-length
                  octet-string).

               3. An application which is listening for data destined
                  only to a specific IP address, but from any remote
                  system, is represented by a tcpListenerLocalAddressType
                  of an appropriate address type, with
                  tcpListenerLocalAddress the specific local address.

               NOTE: that address type in this table represents the
               address type used for the communication, irrespective
               of the higher-layer abstraction.  For example, an
               application using IPv6 'sockets' to communicate via
               IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
               use InetAddressType ipv4(1)."
       ::= { tcp 21 }

   tcpListenerEntry OBJECT-TYPE
       SYNTAX      TcpListenerEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "A conceptual row of the tcpListenerTable containing
               information about a particular TCP listener."
       INDEX       { tcpListenerLocalAddressType,
                     tcpListenerLocalAddress,
                     tcpListenerLocalPort }
       ::= { tcpListenerTable 1 }

   TcpListenerEntry ::= SEQUENCE {
           tcpListenerLocalAddressType       InetAddressType,
           tcpListenerLocalAddress           InetAddress,
           tcpListenerLocalPort              InetPortNumber,
           tcpListenerTimeOuts               Counter32,
           tcpListenerEstablished            Counter32,
           tcpListenerStartTime              TimeStamp,
           tcpListenerProcess                Unsigned32
       }

   tcpListenerLocalAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The address type of tcpListenerLocalAddress.  Only IPv4 and
               IPv6 addresses are expected, or unknown (0) if connection
               initiation to all local IP addresses is accepted."
       ::= { tcpListenerEntry 1 }

   tcpListenerLocalAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE(0..36))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
              "The local IP address for this TCP connection.  In the case
               of a listener which is willing to accept connections for
               any IP interface associated with the node, a value of ''h
               (zero-length octet-string) is used."
       ::= { tcpListenerEntry 2 }

   tcpListenerLocalPort OBJECT-TYPE
       SYNTAX     InetPortNumber
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
              "The local port number for this TCP connection."
       ::= { tcpListenerEntry 3 }

   tcpListenerTimeOuts OBJECT-TYPE
       SYNTAX     Counter32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The number of connection attempts to this endpoint which
               have failed due to timeout of the three-way handshake, i.e.
               the row was removed from the tcpConnectionTable but
               tcpConnectionState never moved from synReceived to
               established."
       ::= { tcpListenerEntry 4 }

   tcpListenerEstablished OBJECT-TYPE
       SYNTAX     Counter32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The number of connections which have been established to
               this endpoint."
       ::= { tcpListenerEntry 5 }

   tcpListenerStartTime OBJECT-TYPE
       SYNTAX     TimeStamp
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The value of sysUpTime at the time this listener was
               established.  If the current state was entered prior to
               the last re-initialization of the local network management
               subsystem, then this object contains a zero value."
       ::= { tcpListenerEntry 6 }

   tcpListenerProcess OBJECT-TYPE
       SYNTAX     Unsigned32
       MAX-ACCESS read-only
       STATUS     current
       DESCRIPTION
              "The system's process ID for the process associated with
               this listener, or zero if there is no such process.  This
               value is expected to be the same as HOST-RESOURCES-MIB::
               hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
               row in the appropriate tables."
       ::= { tcpListenerEntry 7 }

   -- The deprecated TCP Connection table

   tcpConnTable OBJECT-TYPE
       SYNTAX     SEQUENCE OF TcpConnEntry
       MAX-ACCESS not-accessible
       STATUS     deprecated
       DESCRIPTION
              "A table containing information about existing IPv4-specific
               TCP connections or listeners.
               This table has been
               deprecated in favor of the version neutral
               tcpConnectionTable."
       ::= { tcp 13 }

   tcpConnEntry OBJECT-TYPE
       SYNTAX     TcpConnEntry
       MAX-ACCESS not-accessible
       STATUS     deprecated
       DESCRIPTION
              "A conceptual row of the tcpConnTable containing information
               about a particular current IPv4 TCP connection.  Each row
               of this table is transient, in that it ceases to exist when
               (or soon after) the connection makes the transition to the
               CLOSED state."
       INDEX   { tcpConnLocalAddress,
                 tcpConnLocalPort,
                 tcpConnRemAddress,
                 tcpConnRemPort }
       ::= { tcpConnTable 1 }

   TcpConnEntry ::= SEQUENCE {
           tcpConnState         INTEGER,
           tcpConnLocalAddress  IpAddress,
           tcpConnLocalPort     Integer32,
           tcpConnRemAddress    IpAddress,
           tcpConnRemPort       Integer32
       }

   tcpConnState OBJECT-TYPE
       SYNTAX     INTEGER {
                       closed(1),
                       listen(2),
                       synSent(3),
                       synReceived(4),
                       established(5),
                       finWait1(6),
                       finWait2(7),
                       closeWait(8),
                       lastAck(9),
                       closing(10),
                       timeWait(11),
                       deleteTCB(12)
                  }
       MAX-ACCESS read-write
       STATUS     deprecated
       DESCRIPTION
              "The state of this TCP connection.

               The only value which may be set by a management station is
               deleteTCB(12).  Accordingly, it is appropriate for an agent
               to return a `badValue' response if a management station
               attempts to set this object to any other value.

               If a management station sets this object to the value
               deleteTCB(12), then this has the effect of deleting the TCB
               (as defined in RFC 793) of the corresponding connection on
               the managed node, resulting in immediate termination of the
               connection.

               As an implementation-specific option, a RST segment may be
               sent from the managed node to the other TCP endpoint (note
               however that RST segments are not sent reliably)."
       ::= { tcpConnEntry 1 }

   tcpConnLocalAddress OBJECT-TYPE
       SYNTAX     IpAddress
       MAX-ACCESS read-only
       STATUS     deprecated
       DESCRIPTION
              "The local IP address for this TCP connection.  In the case
               of a connection in the listen state which is willing to
               accept connections for any IP interface associated with the
               node, the value 0.0.0.0 is used."
       ::= { tcpConnEntry 2 }

   tcpConnLocalPort OBJECT-TYPE
       SYNTAX     Integer32 (0..65535)
       MAX-ACCESS read-only
       STATUS     deprecated
       DESCRIPTION
              "The local port number for this TCP connection."
       ::= { tcpConnEntry 3 }

   tcpConnRemAddress OBJECT-TYPE
       SYNTAX     IpAddress
       MAX-ACCESS read-only
       STATUS     deprecated
       DESCRIPTION
              "The remote IP address for this TCP connection."
       ::= { tcpConnEntry 4 }

   tcpConnRemPort OBJECT-TYPE
       SYNTAX     Integer32 (0..65535)
       MAX-ACCESS read-only
       STATUS     deprecated
       DESCRIPTION
              "The remote port number for this TCP connection."
       ::= { tcpConnEntry 5 }

   -- conformance information

   tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }

   tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
   tcpMIBGroups      OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }

   -- compliance statements

   tcpMIBCompliance2 MODULE-COMPLIANCE
       STATUS     current
       DESCRIPTION
              "The compliance statement for systems which implement TCP."
       MODULE  -- this module
       MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup }
       GROUP tcpListenerGroup
       DESCRIPTION
              "This group is mandatory for those systems supporting the
               tcpListenerTable."
       GROUP tcpHCGroup
       DESCRIPTION
              "This group is mandatory for those systems which are capable
               of receiving or transmitting more than 1 million TCP
               segments per second.  1 million segments per second will
               cause a Counter32 to wrap in just over an hour."
       GROUP tcpStatisticsGroup
       DESCRIPTION
              "This group is optional.
               It provides visibility for
               counters that some systems already implement."

       GROUP tcpHCStatisticsGroup
       DESCRIPTION
              "This group is mandatory for those systems which implement
               the tcpStatisticsGroup and are capable of receiving or
               transmitting more than 1 million TCP segments per second.
               1 million segments per second will cause a Counter32 to
               wrap in just over an hour."
       OBJECT  tcpConnectionState
       SYNTAX  INTEGER { closed(1), listen(2), synSent(3),
                         synReceived(4), established(5),
                         finWait1(6), finWait2(7), closeWait(8),
                         lastAck(9), closing(10), timeWait(11) }
       MIN-ACCESS read-only
       DESCRIPTION
              "Write access is not required, nor is support for the value
               deleteTCB (12)."
       ::= { tcpMIBCompliances 2 }

   tcpMIBCompliance MODULE-COMPLIANCE
       STATUS     deprecated
       DESCRIPTION
              "The compliance statement for IPv4-only systems which
               implement TCP.  In order to be IP version independent, this
               compliance statement is deprecated in favor of
               tcpMIBCompliance2.  However, agents are still encouraged to
               implement these objects in order to interoperate with the
               deployed base of managers."
       MODULE  -- this module
       MANDATORY-GROUPS { tcpGroup }
       OBJECT  tcpConnState
       MIN-ACCESS read-only
       DESCRIPTION
              "Write access is not required."
       ::= { tcpMIBCompliances 1 }

   -- units of conformance

   tcpGroup OBJECT-GROUP
       OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                 tcpMaxConn, tcpActiveOpens,
                 tcpPassiveOpens, tcpAttemptFails,
                 tcpEstabResets, tcpCurrEstab, tcpInSegs,
                 tcpOutSegs, tcpRetransSegs, tcpConnState,
                 tcpConnLocalAddress, tcpConnLocalPort,
                 tcpConnRemAddress, tcpConnRemPort,
                 tcpInErrs, tcpOutRsts }
       STATUS     deprecated
       DESCRIPTION
              "The tcp group of objects providing for management of TCP
               entities."
       ::= { tcpMIBGroups 1 }

   tcpBaseGroup OBJECT-GROUP
       OBJECTS { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                 tcpMaxConn, tcpActiveOpens,
                 tcpPassiveOpens, tcpAttemptFails,
                 tcpEstabResets, tcpCurrEstab, tcpInSegs,
                 tcpOutSegs, tcpRetransSegs,
                 tcpInErrs, tcpOutRsts }
       STATUS     current
       DESCRIPTION
              "The group of counters common to TCP entities."
       ::= { tcpMIBGroups 2 }

   tcpHCGroup OBJECT-GROUP
       OBJECTS { tcpHCInSegs, tcpHCOutSegs }
       STATUS     current
       DESCRIPTION
              "The group of objects providing for counters of high speed
               TCP implementations."
       ::= { tcpMIBGroups 3 }

   tcpConnectionGroup OBJECT-GROUP
       OBJECTS { tcpConnectionState }
       STATUS     current
       DESCRIPTION
              "The table of TCP connections."
       ::= { tcpMIBGroups 4 }

   tcpListenerGroup OBJECT-GROUP
       OBJECTS { tcpListenerTableLastChange }
       STATUS     current
       DESCRIPTION
              "This group has objects providing general information about
               TCP listeners."
       ::= { tcpMIBGroups 5 }

   tcpStatisticsGroup OBJECT-GROUP
       OBJECTS { tcpConnectionInSegs, tcpConnectionOutSegs,
                 tcpConnectionInOctets, tcpConnectionOutOctets,
                 tcpConnectionStartTime, tcpConnectionProcess,
                 tcpListenerTimeOuts, tcpListenerEstablished,
                 tcpListenerStartTime, tcpListenerProcess }
       STATUS     current
       DESCRIPTION
              "The segment and octet counters and other statistics
               specific to a TCP connection or listener."
       ::= { tcpMIBGroups 6 }

   tcpHCStatisticsGroup OBJECT-GROUP
       OBJECTS { tcpConnectionHCInSegs, tcpConnectionHCOutSegs,
                 tcpConnectionHCInOctets, tcpConnectionHCOutOctets }
       STATUS     current
       DESCRIPTION
              "The group of objects providing for statistics for listeners
               or connections on high speed TCP implementations."
       ::= { tcpMIBGroups 7 }

   END
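   The tcpListenerTable defined in the module above is indexed by
   address type, address and port, so a manager that walks it has to
   decode that index to turn rows into an inventory of listening
   endpoints.  The following Python block is an added example, not code
   from this draft or from any SNMP toolkit.  It assumes the table arc
   { tcp 21 } as numbered in this draft (the published TCP-MIB numbers
   it differently), builds the index the way SMIv2 encodes an INDEX
   clause with a variable-length InetAddress (one sub-identifier for the
   InetAddressType, a length sub-identifier followed by one per address
   octet, then one for the port), handles the zero-length "any local
   address" case with unknown(0), and parses a few constructed
   snmpwalk-style lines (not captured from a real agent) into endpoints.

```python
import ipaddress
from typing import Dict, List, Tuple

# OID prefix of tcpListenerEntry as numbered in this draft (assumption taken
# from the text): mib-2 (1.3.6.1.2.1) . tcp (6) . tcpListenerTable (21) . entry (1)
TCP_LISTENER_ENTRY = (1, 3, 6, 1, 2, 1, 6, 21, 1)

# InetAddressType values; the draft expects only these three in this table.
UNKNOWN, IPV4, IPV6 = 0, 1, 2
ADDR_LEN = {UNKNOWN: 0, IPV4: 4, IPV6: 16}

Index = Tuple[int, bytes, int]   # (tcpListenerLocalAddressType, address octets, port)


def encode_listener_index(addr_type: int, addr: bytes, port: int) -> Tuple[int, ...]:
    """OID sub-identifiers indexing one tcpListenerEntry row.

    The InetAddress has no IMPLIED keyword, so it is encoded as its length
    followed by one sub-identifier per octet; type and port are one each.
    """
    if addr_type not in ADDR_LEN or len(addr) != ADDR_LEN[addr_type]:
        raise ValueError("address length does not match InetAddressType")
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return (addr_type, len(addr)) + tuple(addr) + (port,)


def decode_listener_index(subids: Tuple[int, ...]) -> Index:
    """Inverse of encode_listener_index; rejects malformed index suffixes."""
    if len(subids) < 3:
        raise ValueError("index too short")
    addr_type, length = subids[0], subids[1]
    if len(subids) != length + 3:
        raise ValueError("length field disagrees with number of sub-identifiers")
    addr = bytes(subids[2:2 + length])
    port = subids[2 + length]
    if addr_type not in ADDR_LEN or len(addr) != ADDR_LEN[addr_type]:
        raise ValueError("address length does not match InetAddressType")
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    return addr_type, addr, port


def format_endpoint(index: Index) -> str:
    addr_type, addr, port = index
    if addr_type == UNKNOWN:
        return f"*:{port}"          # listener accepts connections on any local address
    if addr_type == IPV4:
        return f"{ipaddress.IPv4Address(addr)}:{port}"
    return f"[{ipaddress.IPv6Address(addr)}]:{port}"


def parse_walk(lines: List[str]) -> Dict[Index, Dict[int, str]]:
    """Group 'OID = value' lines by listener row: {index: {column: value}}.

    Lines outside the tcpListenerTable (for example tcpConnTable rows) are skipped.
    """
    rows: Dict[Index, Dict[int, str]] = {}
    n = len(TCP_LISTENER_ENTRY)
    for line in lines:
        oid_text, sep, value = line.partition(" = ")
        if not sep:
            continue
        oid = tuple(int(x) for x in oid_text.strip().lstrip(".").split("."))
        if oid[:n] != TCP_LISTENER_ENTRY or len(oid) <= n:
            continue
        column = oid[n]                       # 4 = TimeOuts, 5 = Established, 7 = Process
        index = decode_listener_index(oid[n + 1:])
        rows.setdefault(index, {})[column] = value.strip()
    return rows


def listener_inventory(lines: List[str]) -> List[str]:
    """Sorted listening endpoints seen in the walk output."""
    return sorted(format_endpoint(ix) for ix in parse_walk(lines))


# Constructed sample walk output, not captured from a real agent.
SAMPLE_WALK = [
    ".1.3.6.1.2.1.6.21.1.4.0.0.22 = Counter32: 3",
    ".1.3.6.1.2.1.6.21.1.5.0.0.22 = Counter32: 41",
    ".1.3.6.1.2.1.6.21.1.5.1.4.10.0.0.1.80 = Counter32: 120",
    ".1.3.6.1.2.1.6.21.1.7.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.5432 = Gauge32: 1234",
    ".1.3.6.1.2.1.6.13.1.1.10.0.0.1.80.10.0.0.2.51000 = INTEGER: 5",   # tcpConnTable, ignored
]

if __name__ == "__main__":
    for endpoint in listener_inventory(SAMPLE_WALK):
        print(endpoint)
```

   Read with a properly scoped view, this table gives a defender the same
   open-port inventory the Security Considerations section warns an
   attacker could obtain from the port objects, which is why GET access
   to it deserves the same access-control attention as SET access.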
5.  Open Issues

   Does calculating the number of active TCP connections from the
   tcpConnectionTable have any operational concerns, i.e. do we need a
   counter for the same?  Or does the current counter, tcpCurrEstab
   (count of ESTABLISHED or CLOSE-WAIT connections), suffice?

   Are the current per-connection byte/segment counters appropriate?
   Other stats?  [in optional conformance group] ConnSRTT?  Number of
   half-open connections?  Timeout for half-open connections?

   Should the tcpConnection*Octet counters include the TCP header in the
   count as well?

   More HC counters?  Do we need HC counter equivalents for
   tcpListenerTimeOuts and tcpListenerEstablished?

   How about a BITS object indicating the various TCP protocol features
   supported by this entity?

   Most of the timer values are represented in terms of sysUpTime, i.e.
   TimeStamp.  Is there an implementation concern here with respect to
   zeroing of values when the network management subsystem re-inits?
   Would DateAndTime be better, or would there be concerns of absence
   of clock hardware/issues with use of NTP for such cases?

6.  Acknowledgements

   This document contains a modified subset of RFC 1213 and updates RFC
   2012 and RFC 2452.  Acknowledgements are therefore due to the authors
   and editors of these documents for their excellent work.

7.  References

   [1]  Daniele, M., Haberman, B., Routhier, S., and Schoenwaelder, J.,
        "Textual Conventions for Internet Network Addresses", RFC 3291,
        May 2002.

   [2]  Rose, M. and K. McCloghrie, "Management Information Base for
        Network Management of TCP/IP-based internets", RFC 1213, March
        1991.

   [3]  McCloghrie, K., "SNMPv2 Management Information Base for the
        Transmission Control Protocol using SMIv2", RFC 2012, November
        1996.

   [4]  Daniele, M., "IP Version 6 Management Information Base for the
        Transmission Control Protocol", RFC 2452, December 1998.
   [5]  Postel, J., "Transmission Control Protocol - DARPA Internet
        Program Protocol Specification", STD 7, RFC 793, DARPA,
        September 1981.

   [6]  Jacobson, V., "Congestion Avoidance and Control", SIGCOMM 1988,
        Stanford, California.

   [7]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [8]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", STD 16, RFC
        1155, May 1990.

   [9]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16,
        RFC 1212, March 1991.

   [10] Rose, M., "A Convention for Defining Traps for use with the
        SNMP", RFC 1215, March 1991.

   [11] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Structure of Management Information
        Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [12] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
        RFC 2579, April 1999.

   [13] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Conformance Statements for SMIv2", STD
        58, RFC 2580, April 1999.

   [14] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
        Network Management Protocol", STD 15, RFC 1157, May 1990.

   [15] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January 1996.

   [16] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Transport Mappings for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [17] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [18] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, April 1999.

   [19] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management
        Protocol (SNMPv2)", RFC 1905, January 1996.

   [20] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, April 1999.

   [21] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [22] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
        to Version 3 of the Internet-standard Network Management
        Framework", RFC 2570, April 1999.

   [23] Krupczak, C., Saperia, J., "Definitions of System-Level Managed
        Objects for Applications", RFC 2287, February 1998.

   [24] Waldbusser, S., Grillo, P., "Host Resources MIB", RFC 2790,
        March 2000.

8.  Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  These are:

   o  The tcpConnectionLocalPort and tcpConnLocalPort objects can be
      used to identify what ports are open on the machine and can thus
      determine what attacks are likely to succeed, without the attacker
      having to run a port scanner.

   o  The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
      clause of read-write, which allows termination of an arbitrary
      connection.  Unauthorized access could cause a denial of service.
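   The second item above, together with the DESCRIPTION of tcpConnState
   in the module (only deleteTCB(12) may be set, anything else is
   answered with badValue, and a successful set deletes the TCB and
   terminates the connection), fixes what an agent's SET handling for
   that object has to do.  The following Python block is an added
   example, not code from this draft or from any SNMP agent.  It models
   that handler, adds a read-only mode corresponding to the MIN-ACCESS
   read-only of the compliance statements (the notWritable error status
   returned in that mode and the audit record are this example's own
   choices, not something the draft specifies), and keeps an audit trail
   so that attempts to terminate connections through SNMP can be
   reviewed.  The connection index tuples are constructed sample values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# tcpConnState OID: tcp (1.3.6.1.2.1.6) . tcpConnTable (13) . tcpConnEntry (1) . tcpConnState (1)
TCP_CONN_STATE_OID = "1.3.6.1.2.1.6.13.1.1"

# tcpConnState enumeration exactly as the MIB module defines it.
TCP_CONN_STATE = {
    1: "closed", 2: "listen", 3: "synSent", 4: "synReceived",
    5: "established", 6: "finWait1", 7: "finWait2", 8: "closeWait",
    9: "lastAck", 10: "closing", 11: "timeWait", 12: "deleteTCB",
}
DELETE_TCB = 12

# tcpConnEntry INDEX { tcpConnLocalAddress, tcpConnLocalPort,
#                      tcpConnRemAddress, tcpConnRemPort }
ConnIndex = Tuple[str, int, str, int]


@dataclass
class SetAttempt:
    """One SET request against tcpConnState, as recorded for later review."""
    principal: str
    index: ConnIndex
    value: int
    result: str


@dataclass
class TcpConnStateAgent:
    """Hypothetical model of an agent's handling of tcpConnState."""
    connections: Dict[ConnIndex, int]          # index -> current state code
    # False models the compliance statements' MIN-ACCESS read-only: support
    # for writing deleteTCB is optional and stays disabled unless needed.
    allow_delete_tcb: bool = False
    audit: List[SetAttempt] = field(default_factory=list)

    def get(self, index: ConnIndex) -> Optional[int]:
        """Current state code, or None when the row no longer exists."""
        return self.connections.get(index)

    def set(self, index: ConnIndex, value: int, principal: str) -> str:
        """Handle a SET and return the SNMP error status name."""
        result = self._apply(index, value)
        self.audit.append(SetAttempt(principal, index, value, result))
        return result

    def _apply(self, index: ConnIndex, value: int) -> str:
        if index not in self.connections:
            return "noSuchName"
        if value != DELETE_TCB:
            # Per the DESCRIPTION, deleteTCB(12) is the only settable value;
            # the agent answers any other value with badValue.
            return "badValue"
        if not self.allow_delete_tcb:
            # Read-only agent: this example's choice of SNMPv2 error status.
            return "notWritable"
        # Deleting the TCB terminates the connection; its row ceases to exist.
        del self.connections[index]
        return "noError"


def delete_attempts(audit: List[SetAttempt]) -> List[Tuple[str, ConnIndex, str]]:
    """Audit entries that tried to terminate a connection, whatever the outcome."""
    return [(a.principal, a.index, a.result) for a in audit if a.value == DELETE_TCB]


if __name__ == "__main__":
    conn = ("10.0.0.1", 80, "10.0.0.2", 51000)       # constructed sample row
    agent = TcpConnStateAgent({conn: 5})             # established(5)
    print(agent.set(conn, 3, "ops-ro"))              # badValue
    print(agent.set(conn, DELETE_TCB, "ops-ro"))     # notWritable
    print(delete_attempts(agent.audit))
```

   Whichever mode an agent runs in, the SNMPv3 access control the next
   paragraphs recommend (USM for authentication, VACM for the view a
   principal may read or write) is what keeps the deleteTCB path out of
   reach of principals who have no business ending connections.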
   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPSec), there is still no
   control as to who on the secure network is allowed to access and
   GET/SET (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 2574 [18] and the View-based
   Access Control Model RFC 2575 [21] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

9.  Editor's Address

   Rajiv Raghunarayan
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: raraghun@cisco.com

10.  Authors

   This document is an output of the IPv6 MIB revision team, and
   contributors to earlier versions of this document include:

   Bill Fenner, AT&T Labs -- Research
   Email: fenner@research.att.com

   Brian Haberman
   Email: bkhabs@nc.rr.com

   Shawn A. Routhier, Wind River
   Email: sar@epilogue.com

   Juergen Schoenwalder, TU Braunschweig
   Email: schoenw@ibr.cs.tu-bs.de

   Dave Thaler, Microsoft
   Email: dthaler@windows.microsoft

   This document updates parts of the MIBs from several documents.  RFC
   2012 has been the base document for these updates.  RFC 2452 was the
   first document to define the managed objects for implementations of
   TCP over IPv6.
   RFC 2012:

   Keith McCloghrie, Cisco Systems (Editor)
   kzm@cisco.com

   RFC 2452:

   Mike Daniele, Compaq Computer Corporation
   daniele@zk3.dec.com

11.  Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.