IPv6 MIB Revision Design Team                                Bill Fenner
INTERNET-DRAFT                                             AT&T Research
Expires: May 2003                                       Keith McCloghrie
                                             Rajiv Raghunarayan (Editor)
                                                           Cisco Systems
                                                    Juergen Schoenwalder
                                                         TU Braunschweig
                                                           November 2002

                      Management Information Base
              for the Transmission Control Protocol (TCP)
                  draft-ietf-ipv6-rfc2012-update-01.txt

Status of this Document

   This document is an Internet-Draft and is in full conformance with all
   provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering Task
   Force (IETF), its areas, and its working groups.  Note that other
   groups may also distribute working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference material
   or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This document is a product of the IPv6 MIB Revision Design Team.
   Comments should be addressed to the editor/authors or the mailing
   list at ipng@sunroof.eng.sun.com.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it describes managed objects used for implementations
   of the Transmission Control Protocol (TCP) [5] in an IP version
   independent manner.

Table of Contents

   1.  The SNMP Management Framework
   2.  Revision History
   3.  Overview
   4.  Definitions
   5.  Open Issues
   6.  Acknowledgements
   7.  References
   8.  Security Considerations
   9.  Editor's Address
   10. Authors
   11. Full Copyright Statement

1.  The SNMP Management Framework

   The SNMP Management Framework presently consists of five major
   components:

   o  An overall architecture, described in RFC 2571 [7].

   o  Mechanisms for describing and naming objects and events for the
      purpose of management.  The first version of this Structure of
      Management Information (SMI) is called SMIv1 and described in STD 16,
      RFC 1155 [8], STD 16, RFC 1212 [9] and RFC 1215 [10].  The second
      version, called SMIv2, is described in STD 58, RFC 2578 [11], STD 58,
      RFC 2579 [12] and STD 58, RFC 2580 [13].

   o  Message protocols for transferring management information.  The first
      version of the SNMP message protocol is called SNMPv1 and described
      in STD 15, RFC 1157 [14].  A second version of the SNMP message
      protocol, which is not an Internet standards track protocol, is
      called SNMPv2c and described in RFC 1901 [15] and RFC 1906 [16].  The
      third version of the message protocol is called SNMPv3 and described
      in RFC 1906 [16], RFC 2572 [17] and RFC 2574 [18].

   o  Protocol operations for accessing management information.  The first
      set of protocol operations and associated PDU formats is described in
      STD 15, RFC 1157 [14].  A second set of protocol operations and
      associated PDU formats is described in RFC 1905 [19].

   o  A set of fundamental applications described in RFC 2573 [20] and the
      view-based access control mechanism described in RFC 2575 [21].

   A more detailed introduction to the current SNMP Management Framework
   can be found in RFC 2570 [22].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  Objects in the MIB are defined
   using the mechanisms defined in the SMI.

   This memo specifies a MIB module that is compliant to the SMIv2.  A
   MIB conforming to the SMIv1 can be produced through the appropriate
   translations.  The resulting translated MIB must be semantically
   equivalent, except where objects or events are omitted because no
   translation is possible (use of Counter64).  Some machine readable
   information in SMIv2 will be converted into textual descriptions in
   SMIv1 during the translation process.  However, this loss of machine
   readable information is not considered to change the semantics of the
   MIB.

2.  Revision History

   Changes from draft-ietf-ipv6-rfc2012-update-00.txt

   4th November 2002

      Replaced the tcpConnectionStartTime and tcpListenerStartTime
      objects with tcpConnectionAge and tcpListenerAge respectively.
      Added tcpConnectionRemAddressType as an auxiliary object into
      the tcpConnectionTable.

      Added new object, tcpConnectionId, to provide a link into the
      TCP-ESTATS-MIB.

      Included tcpConnectionAge and tcpConnectionProcess into the
      tcpConnectionGroup.

      Included tcpListenerAge and tcpListenerProcess into the
      tcpListenerGroup.

      tcpListenerGroup added to the mandatory list for compliance.

   Changes from draft-ietf-ipngwg-rfc2012-update-01.txt:

   27 June 2002

      Replaced all occurrences of the term packets with segments, to be
      consistent with the TCP specification.

      Added limits to tcpRtoMin, tcpRtoMax and tcpMaxConn.

      Added the scalar tcpListenerTableLastChange.

      Updated the description of tcpConnectionLocalAddress - removed
      reference to 'listen' state.

      Updated the description of tcpConnection*Octets to explicitly
      indicate whether the count includes the TCP header octets.

      Updated the description of tcpConnectionStartTime and
      tcpListenerStartTime - added clarifying text.

      Renamed tcpConnectionProcessID to tcpConnectionProcess.

      Updated the description of tcpListenerTable.

      Updated the description of tcpListenerLocalAddressType to include
      unknown (0) as a valid value.

      Updated the description of tcpListenerLocalAddress - the value
      ''h (zero-length octet-string) represents the case wherein an
      application is willing to accept connections for any IP interface
      associated with the node.

      Removed tcpListenerRemAddressType.

      Removed tcpListenerHCConnectionsTimedOut and
      tcpListenerHCConnectionsAccepted.  Added them to open issues, to
      be added iff deemed required after discussions.

      Renamed tcpListenerConnectionsAccepted to tcpListenerEstablished
      and tcpListenerConnectionsTimedOut to tcpListenerTimeOuts.

      Renamed tcpListenerProcessID to tcpListenerProcess.
      Updated compliance statement for the object tcpConnectionState -
      support for the value 'deleteTCB (12)' deemed optional.

      Added RFC 2790 and RFC 2287 to the References section.

      Updated Contact-Info and Editor's address.

      Added Authors section.

   Changes from draft-ietf-ipngwg-rfc2012-update-00.txt:

   14 November 2001

      Added HC versions of connection counters.

      Added Listener table, with counters for accepted and timed out
      connection attempts.

      Added tcp{Connection,Listener}ProcessID to index into SYSAPPL-MIB
      or HOST-RESOURCES-MIB.

      Removed tcpConnectionRemAddrType, it must be the same as
      tcpConnectionLocalAddrType.

   Changes from draft-ops-rfc2012-update-00.txt

   12 Jul 2001

      Turned into IPNG WG document

      Added tcpCountersGroup for per-connection counters

   Changes from first draft posted to v6mib mailing list:

   23 Feb 2001

      Made threshold for HC packet counters 1Mpps

      Added copyright statements and table of contents

   21 Feb 2001 -- Juergen's changes

      Renamed tcpInetConn* to tcpConnection*

      Updated Conformance info

      Added missing tcpConnectionState and tcpConnState objects to
      SEQUENCEs

   6 Feb 2001

      Removed v6-only objects.

      Renamed inetTcp* to tcpInet*

      Added SIZE restriction to InetAddress index objects.  (36 =
      32-byte addresses plus 4-byte scope, but it's just a strawman)

      Used InetPortNumber TC from updated INET-ADDRESS-MIB

      Updated compliance statements.

      Added Keith to authors

      Added open issues section.

   Changes from RFC 2012

      Deprecated tcpConnTable

      Added tcpConnectionTable

3.  Overview

   The current TCP-MIB defined in this memo consists of two tables and
   a group of scalars:

   -  The tcp group of scalars reports parameters and statistics of a
      TCP protocol engine.  Three scalars have been added to this group
      since the publication of RFC 2012.
      The first two, tcpHCInSegs
      and tcpHCOutSegs, provide high-capacity counters for fast
      networks.  The third one, tcpListenerTableLastChange, provides
      management stations with an easier mechanism to validate their
      listener caches.

   -  The tcpConnectionTable provides access to status information for
      all TCP connections handled by a TCP protocol engine.  The table
      also contains basic per-connection statistics such as the number
      of segments/octets received and sent, and it reports the
      identification of the operating system level process which
      handles a TCP connection and the start time of a connection.

   -  The tcpListenerTable provides access to information about all TCP
      listening endpoints known by a TCP protocol engine.  The table
      also contains basic per listening endpoint statistics such as the
      number of connections established (tcpListenerEstablished) and the
      number of connections that timed out (tcpListenerTimeOuts).
      Together, tcpListenerEstablished and tcpListenerTimeOuts also
      provide an indication of the total number of connections accepted.
      Finally, the tcpListenerTable also reports the identification of
      the operating system level process which handles this listening
      TCP endpoint and the start time when the listening endpoint was
      created.

3.1  Relationship to Other MIBs

   This section discusses the relationship of this TCP-MIB module to
   other MIB modules.

3.1.1  Relationship to RFC1213-MIB

   TCP related MIB objects were originally defined as part of the
   RFC1213-MIB defined in RFC 1213 [2].  The TCP related objects of
   the RFC1213-MIB were later copied into a separate MIB module and
   published in RFC 2012 [3] in SMIv2 format.

   The previous versions of the TCP-MIB both defined the tcpConnTable,
   which has been deprecated for basically two reasons:

   (1) The tcpConnTable only supports IPv4.
      The current approach in the IETF is to write IP version neutral
      MIBs rather than having different definitions for various
      versions of IP.  This reduces the amount of overhead when new
      objects are introduced since there is only one place to add
      them.  Hence, the approach taken in RFC 2452 of having separate
      tables is not continued.

   (2) The tcpConnTable mixes listening endpoints with connections.

      It turns out that connections tend to have a different behaviour
      and management access pattern compared to listening endpoints.
      Splitting the original tcpConnTable into two tables thus makes it
      possible to add specific status and statistic objects for
      listening endpoints and connections.

3.1.2  Relationship to IPV6-TCP-MIB

   The IPV6-TCP-MIB defined in RFC 2452 has been moved to Historic
   since the approach of having separate IP version specific tables is
   not followed anymore.  Implementation of RFC 2452 is thus not
   suggested anymore.

3.1.3  Relationship to HOST-RESOURCES-MIB and SYSAPPL-MIB

   The tcpConnectionTable and the tcpListenerTable report the
   identification of the operating system level process which handles
   a connection or a listening endpoint.  The value is reported as an
   Unsigned32 which is expected to be the same as the hrSWRunIndex of
   the HOST-RESOURCES-MIB (RFC 2790 [24]) (if the value is smaller
   than 2147483647) or the sysApplElmtRunIndex of the SYSAPPL-MIB
   (RFC 2287 [23]).  This allows management applications to identify the
   TCP connections that belong to an operating system level process,
   which has proven to be valuable in operational environments.

4.  Definitions

TCP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32,
    Gauge32, Counter32, Counter64, IpAddress, mib-2
                                       FROM SNMPv2-SMI
    TimeStamp, TimeInterval            FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP    FROM SNMPv2-CONF
    InetAddress, InetAddressType,
    InetPortNumber                     FROM INET-ADDRESS-MIB;

tcpMIB MODULE-IDENTITY
    LAST-UPDATED "200211040000Z"
    ORGANIZATION "IETF IPv6 MIB Revision Team"
    CONTACT-INFO
           "Rajiv Raghunarayan (editor)

            Cisco Systems Inc.
            170 West Tasman Drive
            San Jose, CA 95134

            Phone: +1 408 853 9612
            Email: "
    DESCRIPTION
           "The MIB module for managing TCP implementations."
    REVISION      "200211040000Z"
    DESCRIPTION
           "IP version neutral revision, published as RFC XXXX."
    REVISION      "9411010000Z"
    DESCRIPTION
           "Initial SMIv2 version, published as RFC 2012."
    REVISION      "9103310000Z"
    DESCRIPTION
           "The initial revision of this MIB module was part of
            MIB-II."
    ::= { mib-2 49 }

-- the TCP base variables group

tcp      OBJECT IDENTIFIER ::= { mib-2 6 }

-- Scalars

tcpRtoAlgorithm OBJECT-TYPE
    SYNTAX      INTEGER {
                    other(1),    -- none of the following
                    constant(2), -- a constant rto
                    rsre(3),     -- MIL-STD-1778, Appendix B
                    vanj(4)      -- Van Jacobson's algorithm [1]
                }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The algorithm used to determine the timeout value used for
            retransmitting unacknowledged octets."
    ::= { tcp 1 }

tcpRtoMin OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    UNITS       "milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The minimum value permitted by a TCP implementation for the
            retransmission timeout, measured in milliseconds.  More
            refined semantics for objects of this type depend upon the
            algorithm used to determine the retransmission timeout.  In
            particular, when the timeout algorithm is rsre(3), an
            object of this type has the semantics of the LBOUND
            quantity described in RFC 793."
    ::= { tcp 2 }

tcpRtoMax OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    UNITS       "milliseconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The maximum value permitted by a TCP implementation for the
            retransmission timeout, measured in milliseconds.  More
            refined semantics for objects of this type depend upon the
            algorithm used to determine the retransmission timeout.  In
            particular, when the timeout algorithm is rsre(3), an
            object of this type has the semantics of the UBOUND
            quantity described in RFC 793."
    ::= { tcp 3 }

tcpMaxConn OBJECT-TYPE
    SYNTAX      Integer32 (-1 | 0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The limit on the total number of TCP connections the entity
            can support.  In entities where the maximum number of
            connections is dynamic, this object should contain the
            value -1."
    ::= { tcp 4 }

tcpActiveOpens OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of times TCP connections have made a direct
            transition to the SYN-SENT state from the CLOSED state."
    ::= { tcp 5 }

tcpPassiveOpens OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of times TCP connections have made a direct
            transition to the SYN-RCVD state from the LISTEN state."
    ::= { tcp 6 }

tcpAttemptFails OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the SYN-SENT
            state or the SYN-RCVD state, plus the number of times TCP
            connections have made a direct transition to the LISTEN
            state from the SYN-RCVD state."
    ::= { tcp 7 }

tcpEstabResets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of times TCP connections have made a direct
            transition to the CLOSED state from either the ESTABLISHED
            state or the CLOSE-WAIT state."
    ::= { tcp 8 }

tcpCurrEstab OBJECT-TYPE
    SYNTAX      Gauge32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of TCP connections for which the current state
            is either ESTABLISHED or CLOSE-WAIT."
    ::= { tcp 9 }

tcpInSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments received, including those
            received in error.  This count includes segments received
            on currently established connections."
    ::= { tcp 10 }

tcpOutSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments sent, including those on
            current connections but excluding those containing only
            retransmitted octets."
    ::= { tcp 11 }

tcpRetransSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments retransmitted - that is, the
            number of TCP segments transmitted containing one or more
            previously transmitted octets."
    ::= { tcp 12 }

tcpInErrs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments received in error (e.g., bad
            TCP checksums)."
    ::= { tcp 14 }

tcpOutRsts OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of TCP segments sent containing the RST flag."
    ::= { tcp 15 }

-- { tcp 16 } was used to represent the ipv6TcpConnTable in RFC 2452,
-- which has since been obsoleted.  It MUST NOT be used.
tcpHCInSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments received, including those
            received in error, on systems that can receive more than 1
            million TCP segments per second.  This count includes
            segments received on currently established connections."
    ::= { tcp 17 }

tcpHCOutSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The total number of segments sent, including those on
            current connections but excluding those containing only
            retransmitted octets, on systems that can transmit more
            than 1 million TCP segments per second."
    ::= { tcp 18 }

tcpListenerTableLastChange OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The value of sysUpTime at the time of the last
            creation or deletion of an entry in the tcpListenerTable.
            If the number of entries has been unchanged since the
            last re-initialization of the local network management
            subsystem, then this object contains a zero value."
    ::= { tcp 19 }

-- The TCP Connection table

tcpConnectionTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF TcpConnectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A table containing information about existing TCP
            connections.  Note that unlike earlier TCP MIBs, there
            is a separate table for connections in the LISTEN state."
    ::= { tcp 20 }

tcpConnectionEntry OBJECT-TYPE
    SYNTAX      TcpConnectionEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "A conceptual row of the tcpConnectionTable containing
            information about a particular current TCP connection.
            Each row of this table is transient, in that it ceases to
            exist when (or soon after) the connection makes the
            transition to the CLOSED state."
    INDEX   { tcpConnectionLocalAddressType,
              tcpConnectionLocalAddress,
              tcpConnectionLocalPort,
              tcpConnectionRemAddressType,
              tcpConnectionRemAddress,
              tcpConnectionRemPort }
    ::= { tcpConnectionTable 1 }

TcpConnectionEntry ::= SEQUENCE {
        tcpConnectionLocalAddressType   InetAddressType,
        tcpConnectionLocalAddress       InetAddress,
        tcpConnectionLocalPort          InetPortNumber,
        tcpConnectionRemAddressType     InetAddressType,
        tcpConnectionRemAddress         InetAddress,
        tcpConnectionRemPort            InetPortNumber,
        tcpConnectionState              INTEGER,
        tcpConnectionInSegs             Counter32,
        tcpConnectionOutSegs            Counter32,
        tcpConnectionInOctets           Counter32,
        tcpConnectionOutOctets          Counter32,
        tcpConnectionHCInSegs           Counter64,
        tcpConnectionHCOutSegs          Counter64,
        tcpConnectionHCInOctets         Counter64,
        tcpConnectionHCOutOctets        Counter64,
        tcpConnectionAge                TimeInterval,
        tcpConnectionProcess            Unsigned32,
        tcpConnectionId                 Integer32
    }

tcpConnectionLocalAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The address type of tcpConnectionLocalAddress.  Only IPv4
            and IPv6 addresses are expected."
    ::= { tcpConnectionEntry 1 }

tcpConnectionLocalAddress OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0..36))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The local IP address for this TCP connection."
    ::= { tcpConnectionEntry 2 }

tcpConnectionLocalPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The local port number for this TCP connection."
    ::= { tcpConnectionEntry 3 }

tcpConnectionRemAddressType OBJECT-TYPE
    SYNTAX      InetAddressType
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The address type of tcpConnectionRemAddress.  Only IPv4
            and IPv6 addresses are expected."
    ::= { tcpConnectionEntry 4 }

tcpConnectionRemAddress OBJECT-TYPE
    SYNTAX      InetAddress (SIZE(0..36))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The remote IP address for this TCP connection."
    ::= { tcpConnectionEntry 5 }

tcpConnectionRemPort OBJECT-TYPE
    SYNTAX      InetPortNumber
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "The remote port number for this TCP connection."
    ::= { tcpConnectionEntry 6 }

tcpConnectionState OBJECT-TYPE
    SYNTAX      INTEGER {
                    closed(1),
                    listen(2),      -- do we need this here???
                    synSent(3),
                    synReceived(4),
                    established(5),
                    finWait1(6),
                    finWait2(7),
                    closeWait(8),
                    lastAck(9),
                    closing(10),
                    timeWait(11),
                    deleteTCB(12)
                }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
           "The state of this TCP connection.

            The value listen(2) is included only for parallelism to the
            old tcpConnTable, and should not be used.  A connection in
            LISTEN state should be present in the tcpListenerTable.

            The only value which may be set by a management station is
            deleteTCB(12).  Accordingly, it is appropriate for an agent
            to return a `badValue' response if a management station
            attempts to set this object to any other value.

            If a management station sets this object to the value
            deleteTCB(12), then this has the effect of deleting the TCB
            (as defined in RFC 793) of the corresponding connection on
            the managed node, resulting in immediate termination of the
            connection.

            As an implementation-specific option, a RST segment may be
            sent from the managed node to the other TCP endpoint (note
            however that RST segments are not sent reliably)."
    ::= { tcpConnectionEntry 7 }

tcpConnectionInSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of segments, including control segments without
            payload and retransmitted segments, received on this
            connection."
    ::= { tcpConnectionEntry 8 }

tcpConnectionOutSegs OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of segments, including control segments without
            payload and retransmitted segments, transmitted on this
            connection."
    ::= { tcpConnectionEntry 9 }

tcpConnectionInOctets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of octets, including the TCP header, received on
            this connection.  This count includes retransmitted data."
    ::= { tcpConnectionEntry 10 }

tcpConnectionOutOctets OBJECT-TYPE
    SYNTAX      Counter32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of octets, including the TCP header, transmitted
            on this connection.  This count includes retransmitted
            data."
    ::= { tcpConnectionEntry 11 }

tcpConnectionHCInSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of segments, including control segments without
            payload and retransmitted segments, received on this
            connection.  This is the 64-bit equivalent of the
            tcpConnectionInSegs counter."
    ::= { tcpConnectionEntry 12 }

tcpConnectionHCOutSegs OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of segments, including control segments without
            payload and retransmitted segments, transmitted on this
            connection.  This is the 64-bit equivalent of the
            tcpConnectionOutSegs counter."
    ::= { tcpConnectionEntry 13 }

tcpConnectionHCInOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of octets, including the TCP header, received on
            this connection.  This count includes retransmitted data.
            This counter is the 64-bit equivalent of the
            tcpConnectionInOctets counter."
    ::= { tcpConnectionEntry 14 }

tcpConnectionHCOutOctets OBJECT-TYPE
    SYNTAX      Counter64
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The number of octets, including the TCP header, transmitted
            on this connection.  This count includes retransmitted
            data.  This counter is the 64-bit equivalent of the
            tcpConnectionOutOctets counter."
    ::= { tcpConnectionEntry 15 }

tcpConnectionAge OBJECT-TYPE
    SYNTAX      TimeInterval
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This object represents the age of the connection in
            hundredths of a second."
    ::= { tcpConnectionEntry 16 }

tcpConnectionProcess OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The system's process ID for the process associated with
            this connection, or zero if there is no such process.  This
            value is expected to be the same as HOST-RESOURCES-MIB::
            hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
            row in the appropriate tables."
    ::= { tcpConnectionEntry 17 }

tcpConnectionId OBJECT-TYPE
    SYNTAX      Integer32 (0..2147483647)
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "The connection id associated with this connection.  This
            value is expected to be the same as TCP-ESTATS-MIB::
            tcpEStatsConnectIndex for some row in the appropriate
            tables."
        ::= { tcpConnectionEntry 18 }

    -- The TCP Listener table

    tcpListenerTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF TcpListenerEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A table containing information about TCP listeners.  A
             listening application can be represented in three
             possible ways:

             1. An application that is willing to accept both IPv4 and
                IPv6 datagrams is represented by a
                tcpListenerLocalAddressType of unknown (0) and a
                tcpListenerLocalAddress of ''h (a zero-length
                octet-string).

             2. An application that is willing to accept only IPv4 or
                only IPv6 datagrams is represented by a
                tcpListenerLocalAddressType of the appropriate address
                type and a tcpListenerLocalAddress of ''h (a zero-length
                octet-string).

             3. An application that is listening for data destined
                only to a specific local IP address, but from any remote
                system, is represented by a tcpListenerLocalAddressType
                of the appropriate address type, with
                tcpListenerLocalAddress set to that specific local
                address.

             NOTE: the address type in this table represents the
             address type used for the communication, irrespective
             of the higher-layer abstraction.  For example, an
             application using IPv6 'sockets' to communicate via
             IPv4 between ::ffff:10.0.0.1 and ::ffff:10.0.0.2 would
             use InetAddressType ipv4(1)."
        ::= { tcp 21 }

    tcpListenerEntry OBJECT-TYPE
        SYNTAX      TcpListenerEntry
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "A conceptual row of the tcpListenerTable containing
             information about a particular TCP listener."
        INDEX       { tcpListenerLocalAddressType,
                      tcpListenerLocalAddress,
                      tcpListenerLocalPort }
        ::= { tcpListenerTable 1 }

    TcpListenerEntry ::= SEQUENCE {
        tcpListenerLocalAddressType   InetAddressType,
        tcpListenerLocalAddress       InetAddress,
        tcpListenerLocalPort          InetPortNumber,
        tcpListenerTimeOuts           Counter32,
        tcpListenerEstablished        Counter32,
        tcpListenerAge                Unsigned32,
        tcpListenerProcess            Unsigned32
    }

    tcpListenerLocalAddressType OBJECT-TYPE
        SYNTAX      InetAddressType
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The address type of tcpListenerLocalAddress.  Only IPv4 and
             IPv6 addresses are expected, or unknown (0) if connection
             initiation to all local IP addresses is accepted."
        ::= { tcpListenerEntry 1 }

    tcpListenerLocalAddress OBJECT-TYPE
        SYNTAX      InetAddress (SIZE(0..36))
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The local IP address for this TCP listener.  In the case
             of a listener which is willing to accept connections for
             any IP interface associated with the node, a value of ''h
             (zero-length octet-string) is used."
        ::= { tcpListenerEntry 2 }

    tcpListenerLocalPort OBJECT-TYPE
        SYNTAX      InetPortNumber
        MAX-ACCESS  not-accessible
        STATUS      current
        DESCRIPTION
            "The local port number for this TCP listener."
        ::= { tcpListenerEntry 3 }

    tcpListenerTimeOuts OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The number of connection attempts to this endpoint which
             have failed due to timeout of the three-way handshake, i.e.
             the row was removed from the tcpConnectionTable but
             tcpConnectionState never moved from synReceived to
             established."
        ::= { tcpListenerEntry 4 }

    tcpListenerEstablished OBJECT-TYPE
        SYNTAX      Counter32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The number of connections which have been established to
             this endpoint."
        ::= { tcpListenerEntry 5 }

    tcpListenerAge OBJECT-TYPE
        SYNTAX      Unsigned32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "This object represents the age of the listener in seconds."
        ::= { tcpListenerEntry 6 }

    tcpListenerProcess OBJECT-TYPE
        SYNTAX      Unsigned32
        MAX-ACCESS  read-only
        STATUS      current
        DESCRIPTION
            "The system's process ID for the process associated with
             this listener, or zero if there is no such process.  This
             value is expected to be the same as HOST-RESOURCES-MIB::
             hrSWRunIndex or SYSAPPL-MIB::sysApplElmtRunIndex for some
             row in the appropriate tables."
        ::= { tcpListenerEntry 7 }

    -- The deprecated TCP Connection table

    tcpConnTable OBJECT-TYPE
        SYNTAX      SEQUENCE OF TcpConnEntry
        MAX-ACCESS  not-accessible
        STATUS      deprecated
        DESCRIPTION
            "A table containing information about existing IPv4-specific
             TCP connections or listeners.  This table has been
             deprecated in favor of the version neutral
             tcpConnectionTable."
        ::= { tcp 13 }

    tcpConnEntry OBJECT-TYPE
        SYNTAX      TcpConnEntry
        MAX-ACCESS  not-accessible
        STATUS      deprecated
        DESCRIPTION
            "A conceptual row of the tcpConnTable containing information
             about a particular current IPv4 TCP connection.  Each row
             of this table is transient, in that it ceases to exist when
             (or soon after) the connection makes the transition to the
             CLOSED state."
        INDEX       { tcpConnLocalAddress,
                      tcpConnLocalPort,
                      tcpConnRemAddress,
                      tcpConnRemPort }
        ::= { tcpConnTable 1 }

    TcpConnEntry ::= SEQUENCE {
        tcpConnState         INTEGER,
        tcpConnLocalAddress  IpAddress,
        tcpConnLocalPort     Integer32,
        tcpConnRemAddress    IpAddress,
        tcpConnRemPort       Integer32
    }

    tcpConnState OBJECT-TYPE
        SYNTAX      INTEGER {
                        closed(1),
                        listen(2),
                        synSent(3),
                        synReceived(4),
                        established(5),
                        finWait1(6),
                        finWait2(7),
                        closeWait(8),
                        lastAck(9),
                        closing(10),
                        timeWait(11),
                        deleteTCB(12)
                    }
        MAX-ACCESS  read-write
        STATUS      deprecated
        DESCRIPTION
            "The state of this TCP connection.

             The only value which may be set by a management station is
             deleteTCB(12).  Accordingly, it is appropriate for an agent
             to return a `badValue' response if a management station
             attempts to set this object to any other value.

             If a management station sets this object to the value
             deleteTCB(12), then this has the effect of deleting the TCB
             (as defined in RFC 793) of the corresponding connection on
             the managed node, resulting in immediate termination of the
             connection.

             As an implementation-specific option, a RST segment may be
             sent from the managed node to the other TCP endpoint (note
             however that RST segments are not sent reliably)."
        ::= { tcpConnEntry 1 }

    tcpConnLocalAddress OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      deprecated
        DESCRIPTION
            "The local IP address for this TCP connection.  In the case
             of a connection in the listen state which is willing to
             accept connections for any IP interface associated with the
             node, the value 0.0.0.0 is used."
        ::= { tcpConnEntry 2 }

    tcpConnLocalPort OBJECT-TYPE
        SYNTAX      Integer32 (0..65535)
        MAX-ACCESS  read-only
        STATUS      deprecated
        DESCRIPTION
            "The local port number for this TCP connection."
        ::= { tcpConnEntry 3 }

    tcpConnRemAddress OBJECT-TYPE
        SYNTAX      IpAddress
        MAX-ACCESS  read-only
        STATUS      deprecated
        DESCRIPTION
            "The remote IP address for this TCP connection."
        ::= { tcpConnEntry 4 }

    tcpConnRemPort OBJECT-TYPE
        SYNTAX      Integer32 (0..65535)
        MAX-ACCESS  read-only
        STATUS      deprecated
        DESCRIPTION
            "The remote port number for this TCP connection."
        ::= { tcpConnEntry 5 }

    -- conformance information

    tcpMIBConformance OBJECT IDENTIFIER ::= { tcpMIB 2 }
    tcpMIBCompliances OBJECT IDENTIFIER ::= { tcpMIBConformance 1 }
    tcpMIBGroups      OBJECT IDENTIFIER ::= { tcpMIBConformance 2 }

    -- compliance statements

    tcpMIBCompliance2 MODULE-COMPLIANCE
        STATUS      current
        DESCRIPTION
            "The compliance statement for systems which implement TCP."
        MODULE  -- this module
        MANDATORY-GROUPS { tcpBaseGroup, tcpConnectionGroup,
                           tcpListenerGroup }
        GROUP       tcpHCGroup
        DESCRIPTION
            "This group is mandatory for those systems which are capable
             of receiving or transmitting more than 1 million TCP
             segments per second.  1 million segments per second will
             cause a Counter32 to wrap in just over an hour."
        GROUP       tcpStatisticsGroup
        DESCRIPTION
            "This group is optional.  It provides visibility for
             counters that some systems already implement."
        GROUP       tcpHCStatisticsGroup
        DESCRIPTION
            "This group is mandatory for those systems which implement
             the tcpStatisticsGroup and are capable of receiving or
             transmitting more than 1 million TCP segments per second.
             1 million segments per second will cause a Counter32 to
             wrap in just over an hour."
        OBJECT      tcpConnectionState
        SYNTAX      INTEGER { closed(1), listen(2), synSent(3),
                              synReceived(4), established(5),
                              finWait1(6), finWait2(7), closeWait(8),
                              lastAck(9), closing(10), timeWait(11) }
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required, nor is support for the value
             deleteTCB (12)."
        ::= { tcpMIBCompliances 2 }

    tcpMIBCompliance MODULE-COMPLIANCE
        STATUS      deprecated
        DESCRIPTION
            "The compliance statement for IPv4-only systems which
             implement TCP.  In order to be IP version independent, this
             compliance statement is deprecated in favor of
             tcpMIBCompliance2.  However, agents are still encouraged to
             implement these objects in order to interoperate with the
             deployed base of managers."
        MODULE  -- this module
        MANDATORY-GROUPS { tcpGroup }
        OBJECT      tcpConnState
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."
        ::= { tcpMIBCompliances 1 }

    -- units of conformance

    tcpGroup OBJECT-GROUP
        OBJECTS     { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                      tcpMaxConn, tcpActiveOpens,
                      tcpPassiveOpens, tcpAttemptFails,
                      tcpEstabResets, tcpCurrEstab, tcpInSegs,
                      tcpOutSegs, tcpRetransSegs, tcpConnState,
                      tcpConnLocalAddress, tcpConnLocalPort,
                      tcpConnRemAddress, tcpConnRemPort,
                      tcpInErrs, tcpOutRsts }
        STATUS      deprecated
        DESCRIPTION
            "The tcp group of objects providing for management of TCP
             entities."
        ::= { tcpMIBGroups 1 }

    tcpBaseGroup OBJECT-GROUP
        OBJECTS     { tcpRtoAlgorithm, tcpRtoMin, tcpRtoMax,
                      tcpMaxConn, tcpActiveOpens,
                      tcpPassiveOpens, tcpAttemptFails,
                      tcpEstabResets, tcpCurrEstab, tcpInSegs,
                      tcpOutSegs, tcpRetransSegs,
                      tcpInErrs, tcpOutRsts }
        STATUS      current
        DESCRIPTION
            "The group of counters common to TCP entities."
        ::= { tcpMIBGroups 2 }

    tcpHCGroup OBJECT-GROUP
        OBJECTS     { tcpHCInSegs, tcpHCOutSegs }
        STATUS      current
        DESCRIPTION
            "The group of objects providing for counters of high speed
             TCP implementations."
        ::= { tcpMIBGroups 3 }

    tcpConnectionGroup OBJECT-GROUP
        OBJECTS     { tcpConnectionState, tcpConnectionAge,
                      tcpConnectionProcess, tcpConnectionId }
        STATUS      current
        DESCRIPTION
            "The group provides general information about TCP
             connections."
        ::= { tcpMIBGroups 4 }

    tcpListenerGroup OBJECT-GROUP
        OBJECTS     { tcpListenerTableLastChange, tcpListenerAge,
                      tcpListenerProcess }
        STATUS      current
        DESCRIPTION
            "This group has objects providing general information about
             TCP listeners."
        ::= { tcpMIBGroups 5 }

    tcpStatisticsGroup OBJECT-GROUP
        OBJECTS     { tcpConnectionInSegs, tcpConnectionOutSegs,
                      tcpConnectionInOctets, tcpConnectionOutOctets,
                      tcpListenerTimeOuts, tcpListenerEstablished }
        STATUS      current
        DESCRIPTION
            "The segment and octet counters and other statistics
             specific to a TCP connection or listener."
        ::= { tcpMIBGroups 6 }

    tcpHCStatisticsGroup OBJECT-GROUP
        OBJECTS     { tcpConnectionHCInSegs, tcpConnectionHCOutSegs,
                      tcpConnectionHCInOctets, tcpConnectionHCOutOctets }
        STATUS      current
        DESCRIPTION
            "The group of objects providing for statistics for listeners
             or connections on high speed TCP implementations."
        ::= { tcpMIBGroups 7 }

    END

5. Open Issues

   Does calculating the number of active TCP connections from the
   tcpConnectionTable raise any operational concerns, i.e. do we need a
   dedicated counter for it?  Or does the current counter, tcpCurrEstab
   (the count of connections in ESTABLISHED or CLOSE-WAIT), suffice?

   Are the current per-connection byte/segment counters appropriate?
   Other statistics (in the optional conformance group)?  ConnSRTT?
   Number of half-open connections?
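   The three listener representations in the tcpListenerTable
   DESCRIPTION, together with its NOTE that the address type reported is
   the one used on the wire, decide how a tcpListenerEntry row is
   indexed and therefore which OID a manager must GET (or a VACM view
   must include or exclude).  The following Python is an added example,
   not part of the draft or of any agent implementation.  It derives the
   index triple for a bound socket and encodes it as the instance
   suffix, using the SMIv2 rule that a variable-length InetAddress index
   is preceded by its length.  The InetAddressType values unknown(0),
   ipv4(1) and ipv6(2) are those of the RFC 3291 textual conventions
   the module imports; the prefix 1.3.6.1.2.1.6 for tcp is the mib-2
   assignment and is not stated on this page.  The dual_stack flag and
   all function names are the example's own assumptions.

```python
"""Deriving and encoding the tcpListenerEntry index (added example, not from the draft)."""
import ipaddress

# InetAddressType values from the RFC 3291 textual conventions.
INET_UNKNOWN = 0   # representation 1: wildcard listener for both IPv4 and IPv6
INET_IPV4 = 1
INET_IPV6 = 2

# tcp is mib-2 6 (1.3.6.1.2.1.6); tcpListenerTable is { tcp 21 } and its
# row object tcpListenerEntry is { tcpListenerTable 1 }, as defined above.
TCP_LISTENER_ENTRY_OID = "1.3.6.1.2.1.6.21.1"


def listener_index(bind_addr, port, dual_stack=False):
    """Return (tcpListenerLocalAddressType, tcpListenerLocalAddress, port).

    bind_addr is the address the socket is bound to.  dual_stack (an
    assumption of this example) says that an IPv6 wildcard socket also
    accepts IPv4 connections, which is representation 1 in the table.
    """
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    addr = ipaddress.ip_address(bind_addr)
    # NOTE clause: report the address type used on the wire, so an IPv6
    # socket that carries IPv4-mapped traffic is reported as ipv4(1).
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    atype = INET_IPV4 if addr.version == 4 else INET_IPV6
    if addr.is_unspecified:
        if dual_stack and addr.version == 6:
            return INET_UNKNOWN, b"", port          # representation 1
        return atype, b"", port                     # representation 2
    return atype, addr.packed, port                 # representation 3


def encode_index(atype, address, port):
    """OID sub-identifiers for INDEX { type, address, port }.

    SMIv2 index rule: a variable-length OCTET STRING that is not IMPLIED
    (InetAddress here has SIZE(0..36)) is encoded as its length followed
    by one sub-identifier per octet, so ''h encodes as a single 0.
    """
    return (atype, len(address)) + tuple(address) + (port,)


def decode_index(subids):
    """Inverse of encode_index; rejects a length prefix that does not match."""
    if len(subids) < 3:
        raise ValueError("index too short")
    atype, n = subids[0], subids[1]
    if len(subids) != 3 + n:
        raise ValueError("length prefix does not match sub-identifier count")
    address = bytes(subids[2:2 + n])
    return atype, address, subids[2 + n]


def instance_oid(column, atype, address, port):
    """Full OID of one column of a row, e.g. column 7 is tcpListenerProcess."""
    suffix = ".".join(str(s) for s in encode_index(atype, address, port))
    return f"{TCP_LISTENER_ENTRY_OID}.{column}.{suffix}"


if __name__ == "__main__":
    # Constructed sample listeners, one per representation in the DESCRIPTION.
    samples = (("::", 80, True), ("0.0.0.0", 22, False),
               ("::ffff:10.0.0.1", 443, False), ("2001:db8::1", 8080, False))
    for bind, port, dual in samples:
        atype, address, port = listener_index(bind, port, dual)
        print(f"{bind:>16}:{port} -> {instance_oid(7, atype, address, port)}")
```

   Running the sample loop shows the zero-length address of the two
   wildcard cases encoding as a single 0 sub-identifier, and the
   IPv4-mapped listener on ::ffff:10.0.0.1 appearing under ipv4(1) with
   a 4-octet address rather than under ipv6(2) with 16 octets.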
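   The compliance statement's reasoning for the HC groups (1 million
   segments per second wraps a Counter32 in just over an hour) and the
   open question about HC equivalents for tcpListenerTimeOuts and
   tcpListenerEstablished come down to the same arithmetic.  The
   following Python is an added example, not from the draft, that works
   it out: the time to wrap at a given rate, the modular delta a manager
   must compute between two polls of a Counter32 or Counter64, and
   whether a Counter32 is sufficient for a given rate and poll interval.
   Function names are the example's own.

```python
"""Counter32 versus Counter64 for TCP-MIB counters (added example, not from the draft)."""

COUNTER32_BITS = 32
COUNTER64_BITS = 64


def seconds_to_wrap(rate_per_second, bits=COUNTER32_BITS):
    """Seconds until a counter of the given width wraps at a constant event rate."""
    if rate_per_second <= 0:
        raise ValueError("rate must be positive")
    return (1 << bits) / rate_per_second


def counter_delta(previous, current, bits=COUNTER32_BITS):
    """Events between two polls, assuming at most one wrap in between.

    SNMP counters never decrease except by wrapping, so a current value
    below the previous one is read as one wrap, not as a reset.  An agent
    restart (sysUpTime going backwards) has to be detected separately.
    """
    modulus = 1 << bits
    if not (0 <= previous < modulus and 0 <= current < modulus):
        raise ValueError("value outside the counter's range")
    return (current - previous) % modulus


def poll_rate(previous, current, elapsed_seconds, bits=COUNTER32_BITS):
    """Average events per second between two polls."""
    if elapsed_seconds <= 0:
        raise ValueError("elapsed time must be positive")
    return counter_delta(previous, current, bits) / elapsed_seconds


def choose_counter(rate_per_second, poll_interval_seconds):
    """Counter width a manager polling every poll_interval_seconds needs.

    The modular delta is only unambiguous when fewer than 2**32 events
    occur between two polls; beyond that the manager cannot tell how many
    times a Counter32 wrapped and must read the HC (Counter64) object.
    """
    events_between_polls = rate_per_second * poll_interval_seconds
    if events_between_polls < (1 << COUNTER32_BITS):
        return "Counter32"
    return "Counter64"


if __name__ == "__main__":
    rate = 1_000_000  # the compliance statement's 1 million segments/s
    print(f"Counter32 wraps after {seconds_to_wrap(rate) / 60:.1f} minutes at {rate} seg/s")
    print(counter_delta(4_294_967_000, 200))  # one wrap between the two polls
    for interval in (300, 3600, 7200):
        print(f"poll every {interval}s at {rate} seg/s -> {choose_counter(rate, interval)}")
```

   At 1 million segments per second the wrap time is 2^32 / 10^6 seconds,
   about 71.6 minutes, which is the "just over an hour" of the compliance
   text.  A manager polling hourly is still on the right side of one
   wrap at that rate, but any longer interval, or a faster host, loses
   information unless it reads the Counter64 objects.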
   Timeout for half-open connections?  More HC counters?  Do we need HC
   counter equivalents for tcpListenerTimeOuts and tcpListenerEstablished,
   i.e. will the 32-bit counter wrap within the hour?

   How about a BITS object indicating the various TCP protocol features
   supported by this entity?

6. Acknowledgements

   This document contains a modified subset of RFC 1213 and updates RFC
   2012 and RFC 2452.  Acknowledgements are therefore due to the authors
   and editors of these documents for their excellent work.

7. References

   [1]  Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder,
        "Textual Conventions for Internet Network Addresses", RFC 3291,
        May 2002.

   [2]  Rose, M. and K. McCloghrie, "Management Information Base for
        Network Management of TCP/IP-based internets", RFC 1213, March
        1991.

   [3]  McCloghrie, K., "SNMPv2 Management Information Base for the
        Transmission Control Protocol using SMIv2", RFC 2012, November
        1996.

   [4]  Daniele, M., "IP Version 6 Management Information Base for the
        Transmission Control Protocol", RFC 2452, December 1998.

   [5]  Postel, J., "Transmission Control Protocol - DARPA Internet
        Program Protocol Specification", STD 7, RFC 793, DARPA,
        September 1981.

   [6]  Jacobson, V., "Congestion Avoidance and Control", SIGCOMM 1988,
        Stanford, California.

   [7]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
        Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [8]  Rose, M., and K. McCloghrie, "Structure and Identification of
        Management Information for TCP/IP-based Internets", STD 16, RFC
        1155, May 1990.

   [9]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16,
        RFC 1212, March 1991.

   [10] Rose, M., "A Convention for Defining Traps for use with the
        SNMP", RFC 1215, March 1991.

   [11] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Structure of Management Information
        Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [12] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Textual Conventions for SMIv2", STD 58,
        RFC 2579, April 1999.

   [13] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose,
        M., and S. Waldbusser, "Conformance Statements for SMIv2", STD
        58, RFC 2580, April 1999.

   [14] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple
        Network Management Protocol", STD 15, RFC 1157, May 1990.

   [15] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Introduction to Community-based SNMPv2", RFC 1901, January
        1996.

   [16] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
        "Transport Mappings for Version 2 of the Simple Network
        Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [17] Case, J., Harrington, D., Presuhn, R., and B. Wijnen, "Message
        Processing and Dispatching for the Simple Network Management
        Protocol (SNMP)", RFC 2572, April 1999.

   [18] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM)
        for version 3 of the Simple Network Management Protocol
        (SNMPv3)", RFC 2574, April 1999.

   [19] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
        Operations for Version 2 of the Simple Network Management
        Protocol (SNMPv2)", RFC 1905, January 1996.

   [20] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
        2573, April 1999.

   [21] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
        Control Model (VACM) for the Simple Network Management Protocol
        (SNMP)", RFC 2575, April 1999.

   [22] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction
        to Version 3 of the Internet-standard Network Management
        Framework", RFC 2570, April 1999.

   [23] Krupczak, C., and J. Saperia, "Definitions of System-Level
        Managed Objects for Applications", RFC 2287, February 1998.

   [24] Waldbusser, S., and P. Grillo, "Host Resources MIB", RFC 2790,
        March 2000.

8. Security Considerations

   There are a number of management objects defined in this MIB that
   have a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  Support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.

   There are a number of managed objects in this MIB that may contain
   sensitive information.  These are:

   o  The tcpConnectionLocalPort and tcpConnLocalPort objects can be
      used to identify which ports are open on the machine, and thus
      which attacks are likely to succeed, without the attacker having
      to run a port scanner.

   o  The tcpConnectionState and tcpConnState objects have a MAX-ACCESS
      clause of read-write, which allows termination of an arbitrary
      connection.  Unauthorized access could cause a denial of service.

   It is thus important to control even GET access to these objects and
   possibly to even encrypt the values of these objects when sending
   them over the network via SNMP.  Not all versions of SNMP provide
   features for such a secure environment.

   SNMPv1 by itself is not a secure environment.  Even if the network
   itself is secure (for example by using IPsec), there is still no
   control as to who on the secure network is allowed to access and
   GET/SET (read/change/create/delete) the objects in this MIB.

   It is recommended that the implementers consider the security
   features as provided by the SNMPv3 framework.  Specifically, the use
   of the User-based Security Model RFC 2574 [18] and the View-based
   Access Control Model RFC 2575 [21] is recommended.
   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to an instance of this MIB is properly
   configured to give access to the objects only to those principals
   (users) that have legitimate rights to indeed GET or SET
   (change/create/delete) them.

9. Editor's Address

   Rajiv Raghunarayan
   Cisco Systems Inc.
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: raraghun@cisco.com

10. Authors

   This document is an output of the IPv6 MIB revision team, and
   contributors to earlier versions of this document include:

   Bill Fenner, AT&T Labs -- Research
   Email: fenner@research.att.com

   Brian Haberman
   Email: bkhabs@nc.rr.com

   Shawn A. Routhier, Wind River
   Email: sar@epilogue.com

   Juergen Schoenwaelder, TU Braunschweig
   Email: schoenw@ibr.cs.tu-bs.de

   Dave Thaler, Microsoft
   Email: dthaler@windows.microsoft

   This document updates parts of the MIBs defined in several documents.
   RFC 2012 has been the base document for these updates.  RFC 2452 was
   the first document to define the managed objects for implementations
   of TCP over IPv6.

   RFC 2012:

   Keith McCloghrie, Cisco Systems (Editor)
   kzm@cisco.com

   RFC 2452:

   Mike Daniele, Compaq Computer Corporation
   daniele@zk3.dec.com

11. Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.