idnits 2.17.1

draft-ietf-sigtran-sctp-mib-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate. This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  ** The document seems to lack a 1id_guidelines paragraph about 6 months
     document validity -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  ** The document seems to lack a 1id_guidelines paragraph about the list of
     current Internet-Drafts -- however, there's a paragraph with a matching
     beginning. Boilerplate error?

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an IANA Considerations section. (See Section
     2.2 of https://www.ietf.org/id-info/checklist for how to handle the case
     when there are no actions for IANA.)

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  == Line 251 has weird spacing: '...ocTable is th...'

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- Couldn't find a document date in the document -- date freshness check
     skipped.

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC2119' is mentioned on line 109, but not defined

  == Missing Reference: 'RFC2863' is mentioned on line 202, but not defined

  == Unused Reference: 'RFC3309' is defined on line 1925, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC1213' is defined on line 1935, but no explicit
     reference was found in the text

  == Unused Reference: 'VANJ' is defined on line 1947, but no explicit
     reference was found in the text

  == Unused Reference: 'IPv6ARCH' is defined on line 1950, but no explicit
     reference was found in the text

  == Unused Reference: 'UDPMIB' is defined on line 1960, but no explicit
     reference was found in the text

  == Unused Reference: 'MIBGUIDE' is defined on line 1964, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 2960 (Obsoleted by RFC 4960)

  ** Obsolete normative reference: RFC 3291 (Obsoleted by RFC 4001)

  ** Obsolete normative reference: RFC 3309 (Obsoleted by RFC 4960)

  -- Obsolete informational reference (is this intentional?): RFC 2012
     (Obsoleted by RFC 4022)

  == Outdated reference: A later version (-06) exists of
     draft-ietf-ipv6-rfc2012-update-01

  == Outdated reference: A later version (-04) exists of
     draft-ietf-ipv6-rfc2013-update-00

  == Outdated reference: A later version (-04) exists of
     draft-ietf-ops-mib-review-guidelines-01

     Summary: 7 errors (**), 0 flaws (~~), 15 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------

2 Network Working Group                                        J. Pastor
3 INTERNET-DRAFT                                            M. Belinchon
4 Expires: December 2003                                        Ericsson

6                                                             June, 2003

8                 Stream Control Transmission Protocol
9                     Management Information Base
10

12 Status of this memo

14 This document is an Internet-Draft and is in full conformance with
15 all provisions of Section 10 of RFC2026.

17 Internet-Drafts are working documents of the Internet Engineering
18 Task Force (IETF), its areas, and its working groups. Note that other
19 groups may also distribute working documents as Internet-Drafts.

21 Internet-Drafts are draft documents valid for a maximum of six months
22 and may be updated, replaced, or obsoleted by other documents at any
23 time. It is inappropriate to use Internet-Drafts as reference
24 material or cite them other than as "work in progress".

26 The list of current Internet-Drafts can be accessed at
27 http://www.ietf.org/ietf/lid-abstracts.txt

29 The list of Internet-Draft Shadow Directories can be accessed at
30 http://www.ietf.org/shadow.html

32 This document is an individual submission to the IETF. Comments
33 should be directed to the authors.

35 Copyright Notice
36 Copyright (C) The Internet Society (2003). All Rights Reserved.

38 Abstract

40 The Stream Control Transmission Protocol (SCTP) is a reliable
41 transport protocol operating on top of a connectionless packet
42 network such as IP. It is designed to transport PSTN signaling
43 messages over the connectionless packet network, but is capable of
44 broader applications.

46 This memo defines the Management Information Base (MIB) module which
47 describes the minimum set of objects needed to manage the
48 implementation of the SCTP.

50 Open Issues

52 - Remove this section (i.e. Open Issues).

54 - Remove Revision History

56 - IANA: Decide under which object identifier branch of the SNMP
57   tree, SCTP should be placed. This value will be obtained when
58   submitted to the IETF queue.

60 - RFC Editor: Change "xxxx" occurrences to the value assigned by
61   IANA. Section 3.1.3 and DESCRIPTION clause of the MODULE-
62   IDENTITY.

64 - RFC Editor: Change "YYYY" occurrences to the RFC number assigned
65   in DESCRIPTION clause of the MODULE-IDENTITY.

67 TABLE OF CONTENTS

69 Open Issues
70 1. Introduction
71 1.1 Abbreviations
72 2. The Internet-Standard Management Framework
73 3. MIB Structure
74 3.1 SCTP Objects
75 3.1.1 SCTP Statistics
76 3.1.2 SCTP Parameters
77 3.1.3 MIB Tables
78 3.1.3.1 Association Table
79 3.1.3.2 Reverse Lookup Table
80 3.2 Conformance
81 4. Definitions
82 5. Compiling Notes
83 6. References
84 6.1 Normative References
85 6.1 Informative References
86 7. Security Considerations
87 8. Acknowledgments
88 9. Authors' Addresses

90 1. Introduction
91 This memo defines the Management Information Base (MIB) module which
92 describes managed objects for implementations of the SCTP.

94 The document starts with a brief description of the SNMP framework
95 and continues with the MIB explanation and security consideration
96 sections among others.

98 The managed objects in this MIB module are based on [RFC2012] update:
99 "Management Information Base for the Transmission Control Protocol
100 (TCP)" referred as [TCPMIB] (work in progress), and RFC 3291 "Textual
101 Conventions for Internet Network Addresses" [RFC3291].

103 Terms related to the SCTP architecture are explained in [RFC2960].
104 Other specific abbreviations are listed below.

106 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
107 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
108 document are to be interpreted as described in [RFC2119].

110 1.1 Abbreviations

112 DNS  - Domain Name System
113 IANA - Internet Assigned Numbers Authority
114 IETF - Internet Engineering Task Force
115 IP   - Internet Protocol
116 MIB  - Management Information Base
117 RFC  - Request For Comments
118 RTO  - Retransmission Time Out
119 SCTP - Stream Control Transmission Protocol
120 SMI  - Structure of Management Information
121 SNMP - Simple Network Management Protocol
122 TCB  - Transmission Control Block
123 TCP  - Transmission Control Protocol

125 2. The Internet-Standard Management Framework

127 For a detailed overview of the documents that describe the current
128 Internet-Standard Management Framework, please refer to section 7 of
129 RFC 3410 [RFC3410].

131 Managed objects are accessed via a virtual information store, termed
132 the Management Information Base or MIB. MIB objects are generally
133 accessed through the Simple Network Management Protocol (SNMP).
134 Objects in the MIB are defined using the mechanisms defined in the
135 Structure of Management Information (SMI). This memo specifies a MIB
136 module that is compliant to the SMIv2, which is described in STD 58,
137 RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC 2580
138 [RFC2580].

140 3. MIB Structure

142 This chapter explains the main objects this MIB defines. A detailed
143 view of the MIB structure with the OID values is below.

145 MIB-2 {1 3 6 1 2 1}
146  +--(xxxx)sctpMIB
147      |
148      +--(1) sctpObjects
149      |   |
150      |   +--(1) sctpStats
151      |   |   |
152      |   |   +--
153      |   |
154      |   +--(2)sctpParameters
155      |   |   |
156      |   |   +--
157      |   |
158      |   +--(3) sctpAssocTable
159      |   |
160      |   +--(4) sctpAssocLocalAddrTable
161      |   |
162      |   +--(5) sctpAssocRemAddrTable
163      |   |
164      |   +--(6) sctpLookupLocalPortTable
165      |   |
166      |   +--(7) sctpLookupRemPortTable
167      |   |
168      |   +--(8) sctpLookupRemHostNameTable
169      |   |
170      |   +--(9) sctpLookupRemPrimIPAddrTable
171      |   |
172      |   +--(10) sctpLookupRemIPAddrTable
173      |
174      |
175      +--(2)sctpMibConformance
176          |
177          +--(1) sctpMibCompliances
178          |   |
179          |   +--(1) sctpMibCompliance
180          |
181          +--(2) sctpMibGroups
182              |
183              +--(1) sctpLayerParamsGroup
184              |
185              +--(2) sctpStatsGroup
186              |
187              +--(3) sctpPerAssocParamsGroup
188              |
189              +--(4) sctpInverseGroup

191 The main groups are explained further in the MIB definition.

193 3.1 SCTP Objects

195 This branch contains the SCTP statistics and general parameters (both
196 of them scalars) and the SCTP MIB tables.

198 3.1.1 SCTP Statistics

200 The SCTP MIB includes both Counter32s and Counter64s to deal with
201 statistics. Counter64s are used for those counters, which are likely
202 to wrap around in less than one hour, according to [RFC2863].

204 In addition Gauge32 is also used.

206 3.1.1.1 State-Related Statistics

208 These statistics are based on the TCP model, but adapted to the SCTP
209 states. They store the number of successful association attempts, how
210 many associations have been initiated by the local or the remote SCTP
211 layer, and the number of associations terminated in a graceful (by
212 means of SHUTDOWN procedure) or ungraceful way (by means of CLOSE
213 procedure).

215 3.1.1.2 Statistics for traffic Measurements

217 This set of objects specifies statistics related to the whole SCTP
218 layer. There are, e.g., statistics related to both SCTP packets and
219 SCTP chunks.

221 Statistics related to a specific association, or local/remote IP
222 addresses are defined inside its associated table.

224 3.1.2 SCTP Parameters

226 This section of the MIB contains the general variables for the
227 SCTP protocol. Maximum, minimum, initial and default values are
228 listed here.

230 SCTP RTO mechanism definition is based on the TCP MIB [TCPMIB]. In
231 SCTP, only options 'other' and 'vanj' are valid since SCTP defines
232 Van Jacobson's algorithm (vanj) as the one to be used to calculate
233 RTO. 'Other' is left for future use.

235 3.1.3 MIB Tables

237 There are several tables included in the SCTP MIB. The first group
238 deals with the SCTP association variables and is composed of a main
239 and two extended tables. The second group is a bunch of tables used
240 to perform reverse lookups.

242 It is NOT possible to create rows in any table (sctpAssocTable,
243 sctpAssocLocalAddrTable, sctpAssocRemAddrTable and Reverse Lookup tables)
244 using SNMP.

246 It is NOT possible to delete rows in any table using SNMP except in
247 sctpAssocTable under the particular conditions explained below.

249 3.1.3.1 Association Table

251 The sctpAssocTable is the main MIB table, where all the association
252 related information is stored on a per association basis. It is
253 structured according to expanded tables. The main table is called
254 sctpAssocTable and is indexed by sctpAssocId (the association
255 identification). This is a value that uniquely identifies an
256 association. The MIB does not restrict what value must be written
257 here, however it must be unique within the table.

259 The sctpAssoc index is also shared by two more tables:
260 - sctpAssocLocalAddrTable: to store the local IP address(-es).
261 - sctpAssocRemAddrTable: to store the remote addresses and the
262   per-remote-address related information.

264 Entries in the sctpAssocTable are created when trying to establish
265 the association, i.e., when sending the COOKIE-ECHO message
266 (originating side) or the COOKIE-ACK message (server side). At this
267 point, i.e., at established state, all entry fields are filled in
268 with valid values.

270 Note: The following representation is a conceptual mode of describing
271 the relationship between the tables in this MIB. Note that the real
272 relationship of the tables is by sharing an index, so tables are not
273 truly within tables. Every entry is explained when defining the
274 corresponding objects in the MIB.

276 mib-2 {1 3 6 1 2 1}
277  +--(xxxx)sctpMIB
278      |
279      +--(1) sctpObjects
280      |   |
281      .   .
282      .   .
283      |
284      +--(3) sctpAssocTable
285      |   |
286      |   +--(1) sctpAssocId (index)
287      |   |
288      |   +--(2) sctpAssocRemHostName
289      |   |
290      |   +--(3) sctpAssocLocalPort
291      |   |
292      |   +--(4) sctpAssocRemPort
293      |   |
294      |   +--(5) sctpAssocRemPrimAddrType
295      |   |
296      |   +--(6) sctpAssocRemPrimAddr
297      |   |
298      |   +--(7) sctpAssocHeartBeatInterval
299      |   |
300      |   +--(8) sctpAssocState
301      |   |
302      |   +--(9) sctpAssocInStreams
303      |   |
304      |   +--(10) sctpAssocOutStreams
305      |   |
306      |   +--(11) sctpAssocMaxRetr
307      |   |
308      |   +--(12) sctpAssocPrimProcess
309      |   |
310      |   +--(13) sctpAssocT1expireds
311      |   |
312      |   +--(14) sctpAssocT2expireds
313      |   |
314      |   +--(15) sctpAssocRtxChunks
315      |   |
316      |   +--(16) sctpAssocStartTime
317      |   |
318      |   +--(17) sctpAssocDiscontinuityTime
319      |
320      |
321      +--(4) sctpAssocLocalAddrTable
322      |   |
323      |   |--(-) sctpAssocId (shared index)
324      |   |
325      |   +--(1) sctpAssocLocalAddrType(index)
326      |   |
327      |   +--(2) sctpAssocLocalAddr (index)
328      |   |
329      |   +--(3) sctpAssocLocalAddrStartTime
330      |
331      |
332      +--(5) sctpAssocRemAddrTable
333      |   |
334      |   |--(-) sctpAssocId (shared index)
335      |   |
336      |   +--(1) sctpAssocRemAddrType (index)
337      .   |
338      .   +--(2) sctpAssocRemAddr (index)
339      .   |
340          +--(3) sctpAssocRemAddrActive
341          |
342          +--(4) sctpAssocRemAddrHBActive
343          |
344          +--(5) sctpAssocRemAddrRTO
345          |
346          +--(6) sctpAssocRemAddrMaxPathRtx
347          |
348          +--(7) sctpAssocRemAddrRtx
349          |
350          +--(8) sctpAssocRemAddrStartTime

352 Both sctpAssocLocalAddrTable and sctpAssocRemAddrTable are indexed by
353 addresses. 'Addr' and 'AddrType' use the syntax InetAddress and
354 InetAddressType defined in the Textual Conventions for Internet
355 Network Address (RFC3291). The InetAddressType TC has codepoints for
356 unknown, IPv4, IPv6, non-global IPv4, non-global IPv6, and DNS
357 addresses, but only the IPv4 and IPv6 address types are required to
358 be supported by implementations of this MIB module. Implementations
359 that connect multiple zones are expected to support the non-global
360 IPv4 and non-global IPv6 address types as well.

362 Note that DNS addresses are not used in this MIB module. They are
363 always resolved to the on-the-wire form prior to connection setup,
364 and the on-the-wire form is what appears in the MIB objects.

366 The sctpAssocLocalAddrTable table will have as many entries as local
367 IP addresses have been defined for the association. The
368 sctpAssocRemAddrTable table will contain as many entries as remote IP
369 addresses are known to reach the peer. For the multihoming concept
370 see reference RFC2960.

372 To keep the name of the remote peer (when provided by the peer at
373 initialization time), an entry has been created in the sctpAssocTable
374 called sctpAssocRemHostName. When no DNS name is provided by the
375 remote endpoint, this value will be NULL (zero-length string).
376 Otherwise, the received DNS name will be stored here.

378 If it is necessary to abort an existing association, the value
379 deleteTCB(9) must be written in the variable sctpAssocState. That is
380 the only way to delete rows in any of the mentioned tables.
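
Added example, not part of the draft: a Python decoder for the index portion of sctpAssocLocalAddrTable / sctpAssocRemAddrTable instance OIDs that groups the addresses per association, which makes multihomed peers visible. It assumes the standard SMIv2 encoding in which a variable-length InetAddress index is preceded by its length (no IMPLIED in the INDEX clause); the function names and the sample rows are constructed for illustration.

```python
import ipaddress

# InetAddressType codepoints (RFC 3291) that can appear in these tables,
# with the octet length each one implies for the InetAddress value.
ADDR_TYPES = {
    1: ("ipv4", 4),
    2: ("ipv6", 16),
    3: ("ipv4z", 8),   # 4 address octets + 4-octet zone index
    4: ("ipv6z", 20),  # 16 address octets + 4-octet zone index
}


class BadIndex(ValueError):
    """The sub-identifiers do not form a valid address-table index."""


def decode_addr_index(suffix):
    """Decode 'assocId.addrType.len.o1.o2...' (the part of an instance OID
    after the column arc) into (assoc_id, type_name, address_text)."""
    try:
        subids = [int(part) for part in suffix.split(".")]
    except ValueError:
        raise BadIndex("non-numeric sub-identifier in %r" % suffix) from None
    if len(subids) < 3:
        raise BadIndex("index too short: %r" % suffix)
    assoc_id, addr_type, length = subids[:3]
    octets = subids[3:]
    if not 1 <= assoc_id <= 4294967295:
        raise BadIndex("sctpAssocId out of range: %d" % assoc_id)
    if addr_type not in ADDR_TYPES:
        # unknown(0) and dns(16) are not used: names are resolved to the
        # on-the-wire form before the association is set up.
        raise BadIndex("address type %d not used by this MIB" % addr_type)
    name, expected = ADDR_TYPES[addr_type]
    if length != expected or len(octets) != expected:
        raise BadIndex("%s needs %d octets, index carries %d (length arc %d)"
                       % (name, expected, len(octets), length))
    if any(not 0 <= o <= 255 for o in octets):
        raise BadIndex("address octet out of range in %r" % suffix)
    raw = bytes(octets)
    if name.startswith("ipv4"):
        text = str(ipaddress.IPv4Address(raw[:4]))
    else:
        text = str(ipaddress.IPv6Address(raw[:16]))
    if name.endswith("z"):
        # Non-global types carry the zone index in the last four octets.
        text += "%%%d" % int.from_bytes(raw[-4:], "big")
    return assoc_id, name, text


def addresses_by_association(suffixes):
    """Group decoded addresses by sctpAssocId; collect rows that fail."""
    table, rejected = {}, []
    for suffix in suffixes:
        try:
            assoc_id, _, addr = decode_addr_index(suffix)
        except BadIndex as exc:
            rejected.append((suffix, str(exc)))
            continue
        table.setdefault(assoc_id, []).append(addr)
    return table, rejected


# Constructed sample: index suffixes as a walk of sctpAssocRemAddrTable
# might return them (documentation address ranges only).
SAMPLE_REM_ADDR_ROWS = [
    "7.1.4.192.0.2.10",
    "7.1.4.198.51.100.10",
    "7.3.8.169.254.0.5.0.0.0.2",
    "9.2.16.32.1.13.184.0.0.0.0.0.0.0.0.0.0.0.1",
    "9.16.11.101.120.97.109.112.108.101.46.99.111.109",  # dns(16): rejected
    "9.1.4.192.0.2",                                      # truncated: rejected
]

if __name__ == "__main__":
    table, rejected = addresses_by_association(SAMPLE_REM_ADDR_ROWS)
    for assoc_id, addrs in sorted(table.items()):
        print("association %d: %s" % (assoc_id, ", ".join(addrs)))
    for suffix, reason in rejected:
        print("rejected %s: %s" % (suffix, reason))
```
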

382 3.1.3.2 Reverse Lookup Table

384 There are five reverse lookup tables to help management applications
385 efficiently access conceptual rows in other tables. These tables
386 allow management applications to avoid expensive tree walks through
387 large numbers of associations.

389 All of these tables are optional. If these tables are implemented, an
390 entry in them must be created after the entry in the main table
391 (sctpAssocTable) associated with it has been created. This ensures
392 that the field indexing the lookup table exists.

394 The defined reverse lookup tables allow for performing a lookup using
395 the following variables:

397 - Local Port: It allows a management application to find all the
398   associations that use a specific local port
399 - Remote Port: It allows a management application to find all the
400   associations that use a specific remote port
401 - Remote Host Name: It allows a management application to find
402   all the associations with a specific host name.
403 - Remote Primary IP Address: It allows a management application
404   to find all the associations that use a specific remote IP
405   address as primary.
406 - Remote IP address: It allows a management application to find all the
407   associations that use a specific remote IP address.

409 As an example the picture below shows the table to look up by local
410 port.

412 MIB-2 {1 3 6 1 2 1}
413  +--(xxx)sctpMIB
414      |
415      +--(1) sctpObjects
416      |   |
417      .   .
418      .   .
419      |   |
420      |   +--(6) sctpLookupLocalPortTable
421      |   |   |
422      .   .   +--(-) sctpAssocLocalPort (shared index)
423      .   .   |
424              +--(-) sctpAssocId (shared index)
425              |
426              +--(1) sctpLookupLocalPortStartTime

428 It is not possible for the operator to either create or delete rows
429 in these tables. The rows in this table will dynamically appear and
430 be removed as the corresponding entries in sctpAssocTable are.

432 3.2 Conformance

434 The conformance section recommends as optional all the inverse lookup
435 tables in this MIB. General layer and per association parameters and
436 statistics are considered mandatory.

438 IP addresses use the global IPv4 and global IPv6 address formats.
439 Unknown value and DNS name formats are not used. Names, if present,
440 are stored in the sctpAssocRemHostName variable.

442 4. Definitions

444 SCTP-MIB DEFINITIONS ::= BEGIN

446 IMPORTS
447    MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Gauge32,
448    Counter32, Counter64, mib-2
449       FROM SNMPv2-SMI            -- RFC2578
450    TimeStamp, TruthValue
451       FROM SNMPv2-TC             -- RFC2579
452    MODULE-COMPLIANCE, OBJECT-GROUP
453       FROM SNMPv2-CONF           -- RFC2580
454    InetAddressType, InetAddress, InetPortNumber
455       FROM INET-ADDRESS-MIB;     -- RFC3291

457 sctpMIB MODULE-IDENTITY
458    LAST-UPDATED "200306040000Z"   -- 4th June 2003
459    ORGANIZATION "IETF SIGTRAN Working Group"
460    CONTACT-INFO
461       "
462       WG EMail: sigtran@ietf.org

464       Web Page:
465          http://www.ietf.org/html.charters/sigtran-charter.html

467       Chair: Lyndon Ong
468          Ciena Corporation
469          0480 Ridgeview Drive
470          Cupertino, CA 95014
471          USA
472          Tel:
473          Email: lyong@ciena.com

475       Editors: Maria-Carmen Belinchon
476          R&D Department
477          Ericsson Espana S. A.
478          Via de los Poblados, 13
479          28033 Madrid
480          Spain
481          Tel: +34 91 339 3535
482          Email: Maria.C.Belinchon@ericsson.com

484          Jose-Javier Pastor-Balbas
485          R&D Department
486          Ericsson Espana S. A.
487          Via de los Poblados, 13
488          28033 Madrid
489          Spain
490          Tel: +34 91 339 3819
491          Email: J.Javier.Pastor@ericsson.com
492       "
493    DESCRIPTION
494       "The MIB module for managing SCTP implementations.

496       Copyright (C) The Internet Society (2003). This version of
497       this MIB module is part of RFC YYYY; see the RFC itself for
498       full legal notices. "

500    REVISION "200306040000Z"   -- 4th June 2003

502    DESCRIPTION " Initial version, published as RFC YYYY"
503    -- RFC Editor: to assign YYYY

505    ::= { mib-2 xxxx }

507 -- IANA: to assign xxxx
508 -- RFC Editor: to change xxxx into the value assigned by IANA

510 -- the SCTP base variables group

512 sctpObjects OBJECT IDENTIFIER ::= { sctpMIB 1 }

514 sctpStats OBJECT IDENTIFIER ::= { sctpObjects 1 }
515 sctpParams OBJECT IDENTIFIER ::= { sctpObjects 2 }
516 -- STATISTICS
517 -- **********

519 -- STATE-RELATED STATISTICS

521 sctpCurrEstab OBJECT-TYPE
522    SYNTAX Gauge32
523    MAX-ACCESS read-only
524    STATUS current
525    DESCRIPTION
526       "The number of associations for which the current state is
527       either ESTABLISHED, SHUTDOWN-RECEIVED or SHUTDOWN-PENDING."
528    REFERENCE
529       "Section 4 in RFC2960 covers the SCTP Association state
530       diagram."

532    ::= { sctpStats 1 }

534 sctpActiveEstabs OBJECT-TYPE
535    SYNTAX Counter32
536    MAX-ACCESS read-only
537    STATUS current
538    DESCRIPTION
539       "The number of times that associations have made a direct
540       transition to the ESTABLISHED state from the COOKIE-ECHOED
541       state: COOKIE-ECHOED -> ESTABLISHED. The upper layer initiated
542       the association attempt."
543    REFERENCE
544       "Section 4 in RFC2960 covers the SCTP Association state
545       diagram."

547    ::= { sctpStats 2 }

549 sctpPassiveEstabs OBJECT-TYPE
550    SYNTAX Counter32
551    MAX-ACCESS read-only
552    STATUS current
553    DESCRIPTION
554       "The number of times that associations have made a direct
555       transition to the ESTABLISHED state from the CLOSED state:
556       CLOSED -> ESTABLISHED. The remote endpoint initiated the
557       association attempt."
558    REFERENCE
559       "Section 4 in RFC2960 covers the SCTP Association state
560       diagram."

562    ::= { sctpStats 3 }

564 sctpAborteds OBJECT-TYPE
565    SYNTAX Counter32
566    MAX-ACCESS read-only
567    STATUS current
568    DESCRIPTION
569       "The number of times that associations have made a direct
570       transition to the CLOSED state from any state using the
571       primitive 'ABORT': AnyState --Abort--> CLOSED. Ungraceful
572       termination of the association."
573    REFERENCE
574       "Section 4 in RFC2960 covers the SCTP Association state
575       diagram."

577    ::= { sctpStats 4 }

579 sctpShutdowns OBJECT-TYPE
580    SYNTAX Counter32
581    MAX-ACCESS read-only
582    STATUS current
583    DESCRIPTION
584       "The number of times that associations have made a direct
585       transition to the CLOSED state from either the SHUTDOWN-SENT
586       state or the SHUTDOWN-ACK-SENT state. Graceful termination of
587       the association."
588    REFERENCE
589       "Section 4 in RFC2960 covers the SCTP Association state
590       diagram."

592    ::= { sctpStats 5 }

594 -- OTHER LAYER STATISTICS

596 sctpOutOfBlues OBJECT-TYPE
597    SYNTAX Counter32
598    MAX-ACCESS read-only
599    STATUS current
600    DESCRIPTION
601       "The number of out of the blue packets received by the host.
602       An out of the blue packet is an SCTP packet correctly formed,
603       including the proper checksum, but for which the receiver was
604       unable to identify an appropriate association."
605    REFERENCE
606       "Section 8.4 in RFC2960 deals with the Out-Of-The-Blue
607       (OOTB) packet definition and procedures."

609    ::= { sctpStats 6 }

611 sctpChecksumErrors OBJECT-TYPE
612    SYNTAX Counter32
613    MAX-ACCESS read-only
614    STATUS current
615    DESCRIPTION
616       "The number of SCTP packets received with an invalid
617       checksum."
618    REFERENCE
619       "The checksum is located at the end of the SCTP packet as per
620       Section 3.1 in RFC2960. RFC3309 updates SCTP to use a 32 bit
621       CRC checksum."

623    ::= { sctpStats 7 }

625 sctpOutCtrlChunks OBJECT-TYPE
626    SYNTAX Counter64
627    MAX-ACCESS read-only
628    STATUS current
629    DESCRIPTION
630       "The number of SCTP control chunks sent (retransmissions are
631       not included). Control chunks are those chunks different from
632       DATA."
633    REFERENCE
634       "Sections 1.3.5 and 1.4 in RFC2960 refer to control chunk as
635       those chunks different from those that contain user
636       information, i.e. DATA chunks."

638    ::= { sctpStats 8 }

640 sctpOutOrderChunks OBJECT-TYPE
641    SYNTAX Counter64
642    MAX-ACCESS read-only
643    STATUS current
644    DESCRIPTION
645       "The number of SCTP ordered data chunks sent (retransmissions
646       are not included)."
647    REFERENCE
648       "Section 3.3.1 in RFC2960 defines the ordered data chunk."

650    ::= { sctpStats 9 }

652 sctpOutUnorderChunks OBJECT-TYPE
653    SYNTAX Counter64
654    MAX-ACCESS read-only
655    STATUS current
656    DESCRIPTION
657       "The number of SCTP unordered chunks (data chunks in which the
658       U bit is set to 1) sent (retransmissions are not included)."
659    REFERENCE
660       "Section 3.3.1 in RFC2960 defines the unordered data chunk."

662    ::= { sctpStats 10 }

664 sctpInCtrlChunks OBJECT-TYPE
665    SYNTAX Counter64
666    MAX-ACCESS read-only
667    STATUS current
668    DESCRIPTION
669       "The number of SCTP control chunks received (no duplicate
670       chunks included)."
671    REFERENCE
672       "Sections 1.3.5 and 1.4 in RFC2960 refer to control chunk as
673       those chunks different from those that contain user
674       information, i.e. DATA chunks."

676    ::= { sctpStats 11 }

678 sctpInOrderChunks OBJECT-TYPE
679    SYNTAX Counter64
680    MAX-ACCESS read-only
681    STATUS current
682    DESCRIPTION
683       "The number of SCTP ordered data chunks received (no duplicate
684       chunks included)."
685    REFERENCE
686       "Section 3.3.1 in RFC2960 defines the ordered data chunk."

688    ::= { sctpStats 12 }

690 sctpInUnorderChunks OBJECT-TYPE
691    SYNTAX Counter64
692    MAX-ACCESS read-only
693    STATUS current
694    DESCRIPTION
695       "The number of SCTP unordered chunks (data chunks in which the
696       U bit is set to 1) received (no duplicate chunks included)."
697    REFERENCE
698       "Section 3.3.1 in RFC2960 defines the unordered data chunk."

700    ::= { sctpStats 13 }

702 sctpFragUsrMsgs OBJECT-TYPE
703    SYNTAX Counter64
704    MAX-ACCESS read-only
705    STATUS current
706    DESCRIPTION
707       "The number of user messages that have to be fragmented
708       because of the MTU."

710    ::= { sctpStats 14 }

712 sctpReasmUsrMsgs OBJECT-TYPE
713    SYNTAX Counter64
714    MAX-ACCESS read-only
715    STATUS current
716    DESCRIPTION
717       "The number of user messages reassembled, after conversion
718       into DATA chunks."
719    REFERENCE
720       "Section 6.9 in RFC2960 includes a description of the
721       reassembly process."

723    ::= { sctpStats 15 }

725 sctpOutSCTPPacks OBJECT-TYPE
726    SYNTAX Counter64
727    MAX-ACCESS read-only
728    STATUS current
729    DESCRIPTION
730       "The number of SCTP packets sent. Retransmitted DATA chunks
731       are included."

733    ::= { sctpStats 16 }

735 sctpInSCTPPacks OBJECT-TYPE
736    SYNTAX Counter64
737    MAX-ACCESS read-only
738    STATUS current
739    DESCRIPTION
740       "The number of SCTP packets received. Duplicates are
741       included."

743    ::= { sctpStats 17 }

745 sctpDiscontinuityTime OBJECT-TYPE
746    SYNTAX TimeStamp
747    MAX-ACCESS read-only
748    STATUS current
749    DESCRIPTION
750       "The value of sysUpTime on the most recent occasion at which
751       any one or more of these general statistics counters suffered a
752       discontinuity. The relevant counters are the specific
753       instances associated with this interface of any Counter32 or
754       Counter64 object contained in the SCTP layer statistics
755       (defined below sctpStats branch). If no such discontinuities
756       have occurred since the last re-initialization of the local
757       management subsystem, then this object contains a zero value."
758    REFERENCE
759       "The inclusion of this object is recommended by RFC2578."

761    ::= { sctpStats 18 }

763 -- PROTOCOL GENERAL VARIABLES
764 -- **************************

766 sctpRtoAlgorithm OBJECT-TYPE
767    SYNTAX INTEGER {
768       other(1),   -- Other new one. Future use
769       vanj(2)     -- Van Jacobson's algorithm
770    }
771    MAX-ACCESS read-only
772    STATUS current
773    DESCRIPTION
774       "The algorithm used to determine the timeout value (T3-rtx)
775       used for re-transmitting unacknowledged chunks."
776    REFERENCE
777       "Section 6.3.1 and 6.3.2 in RFC2960 cover the RTO calculation
778       and retransmission timer rules."
779    DEFVAL {vanj}   -- vanj(2)

781    ::= { sctpParams 1 }

783 sctpRtoMin OBJECT-TYPE
784    SYNTAX Unsigned32
785    UNITS "milliseconds"
786    MAX-ACCESS read-only
787    STATUS current
788    DESCRIPTION
789       "The minimum value permitted by a SCTP implementation for the
790       retransmission timeout value, measured in milliseconds. More
791       refined semantics for objects of this type depend upon the
792       algorithm used to determine the retransmission timeout value.

794       A retransmission time value of zero means immediate
795       retransmission.

797       The value of this object has to be lower than or equal to
798       sctpRtoMax's value."
799    DEFVAL {1000}   -- milliseconds

801    ::= { sctpParams 2 }

803 sctpRtoMax OBJECT-TYPE
804    SYNTAX Unsigned32
805    UNITS "milliseconds"
806    MAX-ACCESS read-only
807    STATUS current
808    DESCRIPTION
809       "The maximum value permitted by a SCTP implementation for the
810       retransmission timeout value, measured in milliseconds. More
811       refined semantics for objects of this type depend upon the
812       algorithm used to determine the retransmission timeout value.

814       A retransmission time value of zero means immediate re-
815       transmission.

817       The value of this object has to be greater than or equal to
818       sctpRtoMin's value."
819    DEFVAL {60000}   -- milliseconds

821    ::= { sctpParams 3 }

823 sctpRtoInitial OBJECT-TYPE
824    SYNTAX Unsigned32
825    UNITS "milliseconds"
826    MAX-ACCESS read-only
827    STATUS current
828    DESCRIPTION
829       "The initial value for the retransmission timer.

831       A retransmission time value of zero means immediate re-
832       transmission."
833    DEFVAL {3000}   -- milliseconds

835    ::= { sctpParams 4 }

837 sctpMaxAssocs OBJECT-TYPE
838    SYNTAX Integer32 (-1 | 0..2147483647)
839    MAX-ACCESS read-only
840    STATUS current
841    DESCRIPTION
842       "The limit on the total number of associations the entity can
843       support. In entities where the maximum number of associations
844       is dynamic, this object should contain the value -1."

846    ::= { sctpParams 5 }

848 sctpValCookieLife OBJECT-TYPE
849    SYNTAX Unsigned32
850    UNITS "milliseconds"
851    MAX-ACCESS read-only
852    STATUS current
853    DESCRIPTION
854       "Valid cookie life in the 4-way start-up handshake procedure."
855    REFERENCE
856       "Section 5.1.3 in RFC2960 explains the cookie generation
857       process. Recommended value is per section 14 in RFC2960."
858    DEFVAL {60000}   -- milliseconds

860    ::= { sctpParams 6 }

862 sctpMaxInitRetr OBJECT-TYPE
863    SYNTAX Unsigned32
864    MAX-ACCESS read-only
865    STATUS current
866    DESCRIPTION
867       "The maximum number of retransmissions at the start-up phase
868       (INIT and COOKIE ECHO chunks). "
869    REFERENCE
870       "Section 5.1.4, 5.1.6 in RFC2960 refers to Max.Init.Retransmit
871       parameter. Recommended value is per section 14 in RFC2960."
872    DEFVAL {8}   -- number of attempts

874    ::= { sctpParams 7 }

876 -- TABLES
877 -- ******

879 -- the SCTP Association TABLE

881 -- The SCTP association table contains information about each
882 -- association in which the local endpoint is involved.

884 sctpAssocTable OBJECT-TYPE
885    SYNTAX SEQUENCE OF SctpAssocEntry
886    MAX-ACCESS not-accessible
887    STATUS current
888    DESCRIPTION
889       "A table containing SCTP association-specific information."
891     ::= { sctpObjects 3 }

893  sctpAssocEntry OBJECT-TYPE
894     SYNTAX SctpAssocEntry
895     MAX-ACCESS not-accessible
896     STATUS current
897     DESCRIPTION
898        "General common variables and statistics for the whole
899        association."
900     INDEX { sctpAssocId }

902     ::= { sctpAssocTable 1 }

904  SctpAssocEntry ::= SEQUENCE {
905     sctpAssocId Unsigned32,
906     sctpAssocRemHostName OCTET STRING,
907     sctpAssocLocalPort InetPortNumber,
908     sctpAssocRemPort InetPortNumber,
909     sctpAssocRemPrimAddrType InetAddressType,
910     sctpAssocRemPrimAddr InetAddress,
911     sctpAssocHeartBeatInterval Unsigned32,
912     sctpAssocState INTEGER,
913     sctpAssocInStreams Unsigned32,
914     sctpAssocOutStreams Unsigned32,
915     sctpAssocMaxRetr Unsigned32,
916     sctpAssocPrimProcess Unsigned32,
917     sctpAssocT1expireds Counter32, -- Statistic
918     sctpAssocT2expireds Counter32, -- Statistic
919     sctpAssocRtxChunks Counter32, -- Statistic
920     sctpAssocStartTime TimeStamp,
921     sctpAssocDiscontinuityTime TimeStamp
922     }

924  sctpAssocId OBJECT-TYPE
925     SYNTAX Unsigned32 (1..4294967295)
926     MAX-ACCESS not-accessible
927     STATUS current
928     DESCRIPTION
929        "Association Identification. Value identifying the
930        association."

932     ::= { sctpAssocEntry 1 }

934  sctpAssocRemHostName OBJECT-TYPE
935     SYNTAX OCTET STRING (SIZE(0..255))
936     MAX-ACCESS read-only
937     STATUS current
938     DESCRIPTION
939        "The peer's DNS name. This object needs to have the same
940        format as the encoding in the DNS protocol. This implies that
941        the domain name can be up to 255 octets long, each octet being
942        0<=x<=255 as value with US-ASCII A-Z having a case insensitive
943        matching.

945        If no DNS domain name was received from the peer at init time
946        (embedded in the INIT or INIT-ACK chunk), this object is
947        meaningless. In such cases the object MUST contain a zero-
948        length string value. Otherwise, it contains the remote host
949        name received at init time."
951     ::= { sctpAssocEntry 2 }

953  sctpAssocLocalPort OBJECT-TYPE
954     SYNTAX InetPortNumber (1..65535)
955     MAX-ACCESS read-only
956     STATUS current
957     DESCRIPTION
958        "The local SCTP port number used for this association."

960     ::= { sctpAssocEntry 3 }

962  sctpAssocRemPort OBJECT-TYPE
963     SYNTAX InetPortNumber (1..65535)
964     MAX-ACCESS read-only
965     STATUS current
966     DESCRIPTION
967        "The remote SCTP port number used for this association."

969     ::= { sctpAssocEntry 4 }

971  sctpAssocRemPrimAddrType OBJECT-TYPE
972     SYNTAX InetAddressType
973     MAX-ACCESS read-only
974     STATUS current
975     DESCRIPTION
976        "The internet type of primary remote IP address."

978     ::= { sctpAssocEntry 5 }

980  sctpAssocRemPrimAddr OBJECT-TYPE
981     SYNTAX InetAddress
982     MAX-ACCESS read-only
983     STATUS current
984     DESCRIPTION
985        "The primary remote IP address. The type of this address is
986        determined by the value of sctpAssocRemPrimAddrType.

988        The client side will know this value after INIT_ACK message
989        reception, the server side will know this value when sending
990        INIT_ACK message. However, values will be filled in at
991        established(4) state."

993     ::= { sctpAssocEntry 6 }

995  sctpAssocHeartBeatInterval OBJECT-TYPE
996     SYNTAX Unsigned32
997     UNITS "milliseconds"
998     MAX-ACCESS read-only
999     STATUS current
1000     DESCRIPTION
1001        "The current heartbeat interval.

1003        Zero value means no HeartBeat, even when the concerned
1004        sctpAssocRemAddrHBFlag object is true."
1005     DEFVAL {30000} -- milliseconds

1007     ::= { sctpAssocEntry 7 }

1009  sctpAssocState OBJECT-TYPE
1010     SYNTAX INTEGER {
1011               closed(1),
1012               cookieWait(2),
1013               cookieEchoed(3),
1014               established(4),
1015               shutdownPending(5),
1016               shutdownSent(6),
1017               shutdownReceived(7),
1018               shutdownAckSent(8),
1019               deleteTCB(9)
1020            }
1021     MAX-ACCESS read-write
1022     STATUS current
1023     DESCRIPTION
1024        "The state of this SCTP association.

1026        As in TCP, deleteTCB(9) is the only value that may be set by a
1027        management station. If any other value is received, then the
1028        agent must return a wrongValue error.

1030        If a management station sets this object to the value
1031        deleteTCB(9), then this has the effect of deleting the TCB (as
1032        defined in SCTP) of the corresponding association on the
1033        managed node, resulting in immediate termination of the
1034        association.

1036        As an implementation-specific option, an ABORT chunk may be
1037        sent from the managed node to the other SCTP endpoint as a
1038        result of setting the deleteTCB(9) value. The ABORT chunk
1039        implies an ungraceful association shutdown."
1040     REFERENCE
1041        "Section 4 in RFC2960 covers the SCTP Association state
1042        diagram."

1044     ::= { sctpAssocEntry 8 }

1046  sctpAssocInStreams OBJECT-TYPE
1047     SYNTAX Unsigned32 (1..65535)
1048     MAX-ACCESS read-only
1049     STATUS current
1050     DESCRIPTION
1051        "Inbound Streams according to the negotiation at association
1052        start up."
1053     REFERENCE
1054        "Section 1.3 in RFC2960 includes a definition of stream.
1055        Section 5.1.1 in RFC2960 covers the streams negotiation
1056        process."

1058     ::= { sctpAssocEntry 9 }

1060  sctpAssocOutStreams OBJECT-TYPE
1061     SYNTAX Unsigned32 (1..65535)
1062     MAX-ACCESS read-only
1063     STATUS current
1064     DESCRIPTION
1065        "Outbound Streams according to the negotiation at association
1066        start up."
1067     REFERENCE
1068        "Section 1.3 in RFC2960 includes a definition of stream.
1069        Section 5.1.1 in RFC2960 covers the streams negotiation
1070        process."

1072     ::= { sctpAssocEntry 10 }

1074  sctpAssocMaxRetr OBJECT-TYPE
1075     SYNTAX Unsigned32
1076     MAX-ACCESS read-only
1077     STATUS current
1078     DESCRIPTION
1079        "The maximum number of data retransmissions in the association
1080        context. This value is specific for each association and the
1081        upper layer can change it by calling the appropriate
1082        primitives. This value has to be smaller than the addition of
1083        all the maximum number for all the paths
1084        (sctpAssocRemAddrMaxPathRtx).
1086        A value of zero means no retransmissions."
1087     DEFVAL {10} -- number of attempts

1089     ::= { sctpAssocEntry 11 }

1091  sctpAssocPrimProcess OBJECT-TYPE
1092     SYNTAX Unsigned32
1093     MAX-ACCESS read-only
1094     STATUS current
1095     DESCRIPTION
1096        "This object identifies the system level process which holds
1097        primary responsibility for the SCTP association.
1098        Wherever possible, this should be the system's native unique
1099        identification number. The special value 0 can be used to
1100        indicate that no primary process is known.

1102        Note that the value of this object can be used as a pointer
1103        into the swRunTable of the HOST-RESOURCES-MIB (if the value is
1104        smaller than 2147483647) or into the sysApplElmtRunTable of
1105        the SYSAPPL-MIB."

1107     ::= { sctpAssocEntry 12 }

1109  -- Association Statistics

1111  sctpAssocT1expireds OBJECT-TYPE
1112     SYNTAX Counter32
1113     MAX-ACCESS read-only
1114     STATUS current
1115     DESCRIPTION
1116        "The T1 timer determines how long to wait for an
1117        acknowledgement after sending an INIT or COOKIE-ECHO chunk.
1118        This object reflects the number of times the T1 timer expires
1119        without having received the acknowledgement.

1121        Discontinuities in the value of this counter can occur at re-
1122        initialization of the management system, and at other times as
1123        indicated by the value of sctpAssocDiscontinuityTime."
1124     REFERENCE
1125        "Section 5 in RFC2960."

1127     ::= { sctpAssocEntry 13 }

1129  sctpAssocT2expireds OBJECT-TYPE
1130     SYNTAX Counter32
1131     MAX-ACCESS read-only
1132     STATUS current
1133     DESCRIPTION
1134        "The T2 timer determines how long to wait for an
1135        acknowledgement after sending a SHUTDOWN or SHUTDOWN-ACK
1136        chunk. This object reflects the number of times that T2-timer
1137        expired.

1139        Discontinuities in the value of this counter can occur at re-
1140        initialization of the management system, and at other times as
1141        indicated by the value of sctpAssocDiscontinuityTime."
1142     REFERENCE
1143        "Section 9.2 in RFC2960."
1144     ::= { sctpAssocEntry 14 }

1146  sctpAssocRtxChunks OBJECT-TYPE
1147     SYNTAX Counter32
1148     MAX-ACCESS read-only
1149     STATUS current
1150     DESCRIPTION
1151        "When T3-rtx expires, the DATA chunks that triggered the T3
1152        timer will be re-sent according to the retransmission
1153        rules. Every DATA chunk that was included in the SCTP packet
1154        that triggered the T3-rtx timer must be added to the value of
1155        this counter.

1157        Discontinuities in the value of this counter can occur at re-
1158        initialization of the management system, and at other times as
1159        indicated by the value of sctpAssocDiscontinuityTime."
1160     REFERENCE
1161        "Section 6 in RFC2960 covers the retransmission process and
1162        rules."

1164     ::= { sctpAssocEntry 15 }

1166  sctpAssocStartTime OBJECT-TYPE
1167     SYNTAX TimeStamp
1168     MAX-ACCESS read-only
1169     STATUS current
1170     DESCRIPTION
1171        "The value of sysUpTime at the time that the association
1172        represented by this row enters the ESTABLISHED state, i.e. the
1173        sctpAssocState object is set to established(4). The value of
1174        this object will be zero:
1175        - before the association enters the established(4)
1176          state, or
1177        - if the established(4) state was entered prior to
1178          the last re-initialization of the local network management
1179          subsystem."

1181     ::= { sctpAssocEntry 16 }

1183  sctpAssocDiscontinuityTime OBJECT-TYPE
1184     SYNTAX TimeStamp
1185     MAX-ACCESS read-only
1186     STATUS current
1187     DESCRIPTION
1188        "The value of sysUpTime on the most recent occasion at which
1189        any one or more of this SCTP association counters suffered a
1190        discontinuity. The relevant counters are the specific
1191        instances associated with this interface of any Counter32 or
1192        Counter64 object contained in the sctpAssocTable or
1193        sctpLocalAddrTable or sctpRemAddrTable. If no such
1194        discontinuities have occurred since the last re-initialization
1195        of the local management subsystem, then this object contains a
1196        zero value."
1197     REFERENCE
1198        "The inclusion of this object is recommended by RFC2578."

1200     ::= { sctpAssocEntry 17 }

1202  -- Expanded tables: Including Multi-home feature

1204  -- Local Address TABLE
1205  -- *******************

1207  sctpAssocLocalAddrTable OBJECT-TYPE
1208     SYNTAX SEQUENCE OF SctpAssocLocalAddrEntry
1209     MAX-ACCESS not-accessible
1210     STATUS current
1211     DESCRIPTION
1212        "Expanded table of sctpAssocTable based on the AssocId index.
1213        This table shows data related to each local IP address which
1214        is used by this association."

1216     ::= { sctpObjects 4 }

1218  sctpAssocLocalAddrEntry OBJECT-TYPE
1219     SYNTAX SctpAssocLocalAddrEntry
1220     MAX-ACCESS not-accessible
1221     STATUS current
1222     DESCRIPTION
1223        "Local information about the available addresses. There will
1224        be an entry for every local IP address defined for this
1225        association.
1226        Implementors need to be aware that if the size of
1227        sctpAssocLocalAddr exceeds 114 octets then OIDs of column
1228        instances in this table will have more than 128 sub-
1229        identifiers and cannot be accessed using SNMPv1, SNMPv2c, or
1230        SNMPv3."
1231     INDEX { sctpAssocId, -- shared index
1232             sctpAssocLocalAddrType,
1233             sctpAssocLocalAddr }

1235     ::= { sctpAssocLocalAddrTable 1 }

1237  SctpAssocLocalAddrEntry ::= SEQUENCE {
1238     sctpAssocLocalAddrType InetAddressType,
1239     sctpAssocLocalAddr InetAddress,
1240     sctpAssocLocalAddrStartTime TimeStamp
1241     }

1243  sctpAssocLocalAddrType OBJECT-TYPE
1244     SYNTAX InetAddressType
1245     MAX-ACCESS not-accessible
1246     STATUS current
1247     DESCRIPTION
1248        "Internet type of local IP address used for this association."
1250     ::= { sctpAssocLocalAddrEntry 1 }

1252  sctpAssocLocalAddr OBJECT-TYPE
1253     SYNTAX InetAddress
1254     MAX-ACCESS not-accessible
1255     STATUS current
1256     DESCRIPTION
1257        "The value of a local IP address available for this
1258        association. The type of this address is determined by the
1259        value of sctpAssocLocalAddrType."

1261     ::= { sctpAssocLocalAddrEntry 2 }

1263  sctpAssocLocalAddrStartTime OBJECT-TYPE
1264     SYNTAX TimeStamp
1265     MAX-ACCESS read-only
1266     STATUS current
1267     DESCRIPTION
1268        "The value of sysUpTime at the time that this row was
1269        created."

1271     ::= { sctpAssocLocalAddrEntry 3 }

1273  -- Remote Addresses TABLE
1274  -- **********************

1276  sctpAssocRemAddrTable OBJECT-TYPE
1277     SYNTAX SEQUENCE OF SctpAssocRemAddrEntry
1278     MAX-ACCESS not-accessible
1279     STATUS current
1280     DESCRIPTION
1281        "Expanded table of sctpAssocTable based on the AssocId index.
1282        This table shows data related to each remote peer IP address
1283        which is used by this association."

1285     ::= { sctpObjects 5 }

1287  sctpAssocRemAddrEntry OBJECT-TYPE
1288     SYNTAX SctpAssocRemAddrEntry
1289     MAX-ACCESS not-accessible
1290     STATUS current
1291     DESCRIPTION
1292        "Information about the most important variables for every
1293        remote IP address. There will be an entry for every remote IP
1294        address defined for this association.

1296        Implementors need to be aware that if the size of
1297        sctpAssocRemAddr exceeds 114 octets then OIDs of column
1298        instances in this table will have more than 128 sub-
1299        identifiers and cannot be accessed using SNMPv1, SNMPv2c, or
1300        SNMPv3."
1301     INDEX { sctpAssocId, -- shared index
1302             sctpAssocRemAddrType,
1303             sctpAssocRemAddr }

1305     ::= { sctpAssocRemAddrTable 1 }

1307  SctpAssocRemAddrEntry ::= SEQUENCE {
1308     sctpAssocRemAddrType InetAddressType,
1309     sctpAssocRemAddr InetAddress,
1310     sctpAssocRemAddrActive TruthValue,
1311     sctpAssocRemAddrHBActive TruthValue,
1312     sctpAssocRemAddrRTO Unsigned32,
1313     sctpAssocRemAddrMaxPathRtx Unsigned32,
1314     sctpAssocRemAddrRtx Counter32, -- Statistic
1315     sctpAssocRemAddrStartTime TimeStamp
1316     }

1318  sctpAssocRemAddrType OBJECT-TYPE
1319     SYNTAX InetAddressType
1320     MAX-ACCESS not-accessible
1321     STATUS current
1322     DESCRIPTION
1323        "Internet type of a remote IP address available for this
1324        association."
1325     ::= { sctpAssocRemAddrEntry 1 }

1327  sctpAssocRemAddr OBJECT-TYPE
1328     SYNTAX InetAddress
1329     MAX-ACCESS not-accessible
1330     STATUS current
1331     DESCRIPTION
1332        "The value of a remote IP address available for this
1333        association. The type of this address is determined by the
1334        value of sctpAssocLocalAddrType."

1336     ::= { sctpAssocRemAddrEntry 2 }

1338  sctpAssocRemAddrActive OBJECT-TYPE
1339     SYNTAX TruthValue
1340     MAX-ACCESS read-only
1341     STATUS current
1342     DESCRIPTION
1343        "This object gives information about the reachability of this
1344        specific remote IP address.

1346        When the object is set to 'true' (1), the remote IP address is
1347        understood as Active. Active means that the threshold of no
1348        answers received from this IP address has not been reached.

1350        When the object is set to 'false' (2), the remote IP address
1351        is understood as Inactive. Inactive means that either no
1352        heartbeat or any other message was received from this address,
1353        reaching the threshold defined by the protocol."

1355     REFERENCE
1356        "The remote transport states are defined as Active and
1357        Inactive in the SCTP, RFC2960."
1359     ::= { sctpAssocRemAddrEntry 3 }

1361  sctpAssocRemAddrHBActive OBJECT-TYPE
1362     SYNTAX TruthValue
1363     MAX-ACCESS read-only
1364     STATUS current
1365     DESCRIPTION
1366        "This object indicates whether the optional Heartbeat check
1367        associated to one destination transport address is activated
1368        or not (value equal to true or false, respectively)."

1370     ::= { sctpAssocRemAddrEntry 4 }

1372  sctpAssocRemAddrRTO OBJECT-TYPE -- T3-rtx- Timer
1373     SYNTAX Unsigned32
1374     UNITS "milliseconds"
1375     MAX-ACCESS read-only
1376     STATUS current
1377     DESCRIPTION
1378        "The current Retransmission Timeout. T3-rtx timer as defined
1379        in the protocol SCTP."
1380     REFERENCE
1381        "Section 6.3 in RFC2960 deals with the Retransmission Timer
1382        Management."

1384     ::= { sctpAssocRemAddrEntry 5 }

1386  sctpAssocRemAddrMaxPathRtx OBJECT-TYPE
1387     SYNTAX Unsigned32
1388     MAX-ACCESS read-only
1389     STATUS current
1390     DESCRIPTION
1391        "Maximum number of DATA chunks retransmissions allowed to a
1392        remote IP address before it is considered inactive, as defined
1393        in RFC2960."
1394     REFERENCE
1395        "Section 8.2, 8.3 and 14 in RFC2960."
1396     DEFVAL {5} -- number of attempts

1398     ::= { sctpAssocRemAddrEntry 6 }

1400  -- Remote Address Statistic

1402  sctpAssocRemAddrRtx OBJECT-TYPE
1403     SYNTAX Counter32
1404     MAX-ACCESS read-only
1405     STATUS current
1406     DESCRIPTION
1407        "Number of DATA chunks retransmissions to this specific IP
1408        address. When T3-rtx expires, the DATA chunk that triggered
1409        the T3 timer will be re-sent according to the retransmissions
1410        rules. Every DATA chunk that is included in a SCTP packet and
1411        was transmitted to this specific IP address before, will be
1412        included in this counter.

1414        Discontinuities in the value of this counter can occur at re-
1415        initialization of the management system, and at other times as
1416        indicated by the value of sctpAssocDiscontinuityTime."
1418     ::= { sctpAssocRemAddrEntry 7 }

1420  sctpAssocRemAddrStartTime OBJECT-TYPE
1421     SYNTAX TimeStamp
1422     MAX-ACCESS read-only
1423     STATUS current
1424     DESCRIPTION
1425        "The value of sysUpTime at the time that this row was
1426        created."

1428     ::= { sctpAssocRemAddrEntry 8 }

1430  -- ASSOCIATION INVERSE TABLE
1431  -- *************************

1433  -- BY LOCAL PORT

1435  sctpLookupLocalPortTable OBJECT-TYPE
1436     SYNTAX SEQUENCE OF SctpLookupLocalPortEntry
1437     MAX-ACCESS not-accessible
1438     STATUS current
1439     DESCRIPTION
1440        "With the use of this table, a list of associations which are
1441        using the specified local port can be retrieved."

1443     ::= { sctpObjects 6 }

1445  sctpLookupLocalPortEntry OBJECT-TYPE
1446     SYNTAX SctpLookupLocalPortEntry
1447     MAX-ACCESS not-accessible
1448     STATUS current
1449     DESCRIPTION
1450        "This table is indexed by local port and association ID.
1451        Specifying a local port, we would get a list of the
1452        associations whose local port is the one specified."

1454     INDEX { sctpAssocLocalPort,
1455             sctpAssocId }

1457     ::= { sctpLookupLocalPortTable 1 }

1459  SctpLookupLocalPortEntry::= SEQUENCE {
1460     sctpLookupLocalPortStartTime TimeStamp
1461     }

1463  sctpLookupLocalPortStartTime OBJECT-TYPE
1464     SYNTAX TimeStamp
1465     MAX-ACCESS read-only
1466     STATUS current
1467     DESCRIPTION
1468        "The value of sysUpTime at the time that this row was created.

1470        As the table will be created after the sctpAssocTable
1471        creation, this value could be equal to the sctpAssocStartTime
1472        object from the main table."
1474     ::= { sctpLookupLocalPortEntry 1 }

1476  -- BY REMOTE PORT

1478  sctpLookupRemPortTable OBJECT-TYPE
1479     SYNTAX SEQUENCE OF SctpLookupRemPortEntry
1480     MAX-ACCESS not-accessible
1481     STATUS current
1482     DESCRIPTION
1483        "With the use of this table, a list of associations which are
1484        using the specified remote port can be retrieved."

1486     ::= { sctpObjects 7 }

1488  sctpLookupRemPortEntry OBJECT-TYPE
1489     SYNTAX SctpLookupRemPortEntry
1490     MAX-ACCESS not-accessible
1491     STATUS current
1492     DESCRIPTION
1493        "This table is indexed by remote port and association ID.
1494        Specifying a remote port we would get a list of the
1495        associations whose local port is the one specified."

1497     INDEX { sctpAssocRemPort,
1498             sctpAssocId }

1500     ::= { sctpLookupRemPortTable 1 }

1502  SctpLookupRemPortEntry::= SEQUENCE {
1503     sctpLookupRemPortStartTime TimeStamp
1504     }

1506  sctpLookupRemPortStartTime OBJECT-TYPE
1507     SYNTAX TimeStamp
1508     MAX-ACCESS read-only
1509     STATUS current
1510     DESCRIPTION
1511        "The value of sysUpTime at the time that this row was created.

1513        As the table will be created after the sctpAssocTable
1514        creation, this value could be equal to the sctpAssocStartTime
1515        object from the main table."

1517     ::= { sctpLookupRemPortEntry 1 }

1519  -- BY REMOTE HOST NAME

1521  sctpLookupRemHostNameTable OBJECT-TYPE
1522     SYNTAX SEQUENCE OF SctpLookupRemHostNameEntry
1523     MAX-ACCESS not-accessible
1524     STATUS current
1525     DESCRIPTION
1526        "With the use of this table, a list of associations with that
1527        particular host can be retrieved."

1529     ::= { sctpObjects 8 }

1531  sctpLookupRemHostNameEntry OBJECT-TYPE
1532     SYNTAX SctpLookupRemHostNameEntry
1533     MAX-ACCESS not-accessible
1534     STATUS current
1535     DESCRIPTION
1536        "This table is indexed by remote host name and association ID.
1537        Specifying a host name we would get a list of the associations
1538        specifying that host name as the remote one.

1540        Implementors need to be aware that if the size of
1541        sctpAssocRemHostName exceeds 115 octets then OIDs of column
1542        instances in this table will have more than 128 sub-
1543        identifiers and cannot be accessed using SNMPv1, SNMPv2c, or
1544        SNMPv3."

1546     INDEX { sctpAssocRemHostName,
1547             sctpAssocId }

1549     ::= { sctpLookupRemHostNameTable 1 }

1551  SctpLookupRemHostNameEntry::= SEQUENCE {
1552     sctpLookupRemHostNameStartTime TimeStamp
1553     }

1555  sctpLookupRemHostNameStartTime OBJECT-TYPE
1556     SYNTAX TimeStamp
1557     MAX-ACCESS read-only
1558     STATUS current
1559     DESCRIPTION
1560        "The value of sysUpTime at the time that this row was created.

1562        As the table will be created after the sctpAssocTable
1563        creation, this value could be equal to the sctpAssocStartTime
1564        object from the main table."

1566     ::= { sctpLookupRemHostNameEntry 1 }

1568  -- BY REMOTE PRIMARY IP ADDRESS

1570  sctpLookupRemPrimIPAddrTable OBJECT-TYPE
1571     SYNTAX SEQUENCE OF SctpLookupRemPrimIPAddrEntry
1572     MAX-ACCESS not-accessible
1573     STATUS current
1574     DESCRIPTION
1575        "With the use of this table, a list of associations that have
1576        the specified IP address as primary within the remote set of
1577        active addresses can be retrieved."

1579     ::= { sctpObjects 9 }

1581  sctpLookupRemPrimIPAddrEntry OBJECT-TYPE
1582     SYNTAX SctpLookupRemPrimIPAddrEntry
1583     MAX-ACCESS not-accessible
1584     STATUS current
1585     DESCRIPTION
1586        "This table is indexed by primary address and association ID.
1587        Specifying a primary address, we would get a list of the
1588        associations that have the specified remote IP address marked
1589        as primary.
1590        Implementors need to be aware that if the size of
1591        sctpAssocRemPrimAddr exceeds 114 octets then OIDs of column
1592        instances in this table will have more than 128 sub-
1593        identifiers and cannot be accessed using SNMPv1, SNMPv2c, or
1594        SNMPv3."

1596     INDEX { sctpAssocRemPrimAddrType,
1597             sctpAssocRemPrimAddr,
1598             sctpAssocId }

1600     ::= { sctpLookupRemPrimIPAddrTable 1 }

1602  SctpLookupRemPrimIPAddrEntry::= SEQUENCE {
1603     sctpLookupRemPrimIPAddrStartTime TimeStamp
1604     }

1606  sctpLookupRemPrimIPAddrStartTime OBJECT-TYPE
1607     SYNTAX TimeStamp
1608     MAX-ACCESS read-only
1609     STATUS current
1610     DESCRIPTION
1611        "The value of sysUpTime at the time that this row was created.

1613        As the table will be created after the sctpAssocTable
1614        creation, this value could be equal to the sctpAssocStartTime
1615        object from the main table."

1617     ::= { sctpLookupRemPrimIPAddrEntry 1 }

1619  -- BY REMOTE IP ADDRESS

1621  sctpLookupRemIPAddrTable OBJECT-TYPE
1622     SYNTAX SEQUENCE OF SctpLookupRemIPAddrEntry
1623     MAX-ACCESS not-accessible
1624     STATUS current
1625     DESCRIPTION
1626        "With the use of this table, a list of associations that have
1627        the specified IP address as one of the remote ones can be
1628        retrieved."

1630     ::= { sctpObjects 10 }

1632  sctpLookupRemIPAddrEntry OBJECT-TYPE
1633     SYNTAX SctpLookupRemIPAddrEntry
1634     MAX-ACCESS not-accessible
1635     STATUS current
1636     DESCRIPTION
1637        "This table is indexed by a remote IP address and association
1638        ID. Specifying an IP address we would get a list of the
1639        associations that have the specified IP address included
1640        within the set of remote IP addresses."

1642     INDEX { sctpAssocRemAddrType,
1643             sctpAssocRemAddr,
1644             sctpAssocId }

1646     ::= { sctpLookupRemIPAddrTable 1 }

1648  SctpLookupRemIPAddrEntry::= SEQUENCE {
1649     sctpLookupRemIPAddrStartTime TimeStamp
1650     }

1652  sctpLookupRemIPAddrStartTime OBJECT-TYPE
1653     SYNTAX TimeStamp
1654     MAX-ACCESS read-only
1655     STATUS current
1656     DESCRIPTION
1657        "The value of sysUpTime at the time that this row was created.

1659        As the table will be created after the sctpAssocTable
1660        creation, this value could be equal to the sctpAssocStartTime
1661        object from the main table."
1663     ::= { sctpLookupRemIPAddrEntry 1 }

1665  -- 4.1 Conformance Information

1667  sctpMibConformance OBJECT IDENTIFIER ::= { sctpMIB 2 }
1668  sctpMibCompliances OBJECT IDENTIFIER ::= { sctpMibConformance 1 }
1669  sctpMibGroups OBJECT IDENTIFIER ::= { sctpMibConformance 2 }

1671  -- 4.1.1 Units of conformance

1673  --
1674  -- MODULE GROUPS
1675  --

1677  sctpLayerParamsGroup OBJECT-GROUP
1678     OBJECTS { sctpRtoAlgorithm,
1679               sctpRtoMin,
1680               sctpRtoMax,
1681               sctpRtoInitial,
1682               sctpMaxAssocs,
1683               sctpValCookieLife,
1684               sctpMaxInitRetr
1685             }

1687     STATUS current
1688     DESCRIPTION
1689        "Common parameters for the SCTP layer, i.e. for all the
1690        associations. They can usually be referred to as configuration
1691        parameters."

1693     ::= { sctpMibGroups 1 }

1695  sctpStatsGroup OBJECT-GROUP
1696     OBJECTS { sctpCurrEstab,
1697               sctpActiveEstabs,
1698               sctpPassiveEstabs,
1699               sctpAborteds,
1700               sctpShutdowns,
1701               sctpOutOfBlues,
1702               sctpChecksumErrors,
1703               sctpOutCtrlChunks,
1704               sctpOutOrderChunks,
1705               sctpOutUnorderChunks,
1706               sctpInCtrlChunks,
1707               sctpInOrderChunks,
1708               sctpInUnorderChunks,
1709               sctpFragUsrMsgs,
1710               sctpReasmUsrMsgs,
1711               sctpOutSCTPPacks,
1712               sctpInSCTPPacks,
1713               sctpDiscontinuityTime,
1714               sctpAssocT1expireds,
1715               sctpAssocT2expireds,
1716               sctpAssocRtxChunks,
1717               sctpAssocRemAddrRtx
1718             }

1720     STATUS current
1721     DESCRIPTION
1722        "Statistics group. It includes the objects to collect state
1723        changes in the SCTP protocol local layer and flow control
1724        statistics."
1726     ::= { sctpMibGroups 2 }

1728  sctpPerAssocParamsGroup OBJECT-GROUP
1729     OBJECTS { sctpAssocRemHostName,
1730               sctpAssocLocalPort,
1731               sctpAssocRemPort,
1732               sctpAssocRemPrimAddrType,
1733               sctpAssocRemPrimAddr,
1734               sctpAssocHeartBeatInterval,
1735               sctpAssocState,
1736               sctpAssocInStreams,
1737               sctpAssocOutStreams,
1738               sctpAssocMaxRetr,
1739               sctpAssocPrimProcess,
1740               sctpAssocStartTime,
1741               sctpAssocDiscontinuityTime,
1742               sctpAssocLocalAddrStartTime,
1743               sctpAssocRemAddrActive,
1744               sctpAssocRemAddrHBActive,
1745               sctpAssocRemAddrRTO,
1746               sctpAssocRemAddrMaxPathRtx,
1747               sctpAssocRemAddrStartTime
1748             }

1750     STATUS current
1751     DESCRIPTION
1752        "The SCTP group of objects to manage per-association
1753        parameters. These variables include all the SCTP basic
1754        features."

1756     ::= { sctpMibGroups 3 }

1758  sctpPerAssocStatsGroup OBJECT-GROUP
1759     OBJECTS
1760             { sctpAssocT1expireds,
1761               sctpAssocT2expireds,
1762               sctpAssocRtxChunks,
1763               sctpAssocRemAddrRtx
1764             }

1766     STATUS current
1767     DESCRIPTION
1768        "Per Association Statistics group. It includes the objects to
1769        collect flow control statistics per association."

1771     ::= { sctpMibGroups 4 }

1773  sctpInverseGroup OBJECT-GROUP
1774     OBJECTS { sctpLookupLocalPortStartTime,
1775               sctpLookupRemPortStartTime,
1776               sctpLookupRemHostNameStartTime,
1777               sctpLookupRemPrimIPAddrStartTime,
1778               sctpLookupRemIPAddrStartTime
1779             }

1781     STATUS current
1782     DESCRIPTION
1783        "Objects used in the inverse lookup tables."

1785     ::= { sctpMibGroups 5 }

1787  -- 4.1.2 Compliance Statements

1789  --
1790  -- MODULE COMPLIANCES
1791  --
1792  sctpMibCompliance MODULE-COMPLIANCE
1793     STATUS current
1794     DESCRIPTION
1795        "The compliance statement for SNMP entities which implement
1796        this SCTP MIB Module.

1798        There are a number of INDEX objects that cannot be represented
1799        in the form of OBJECT clauses in SMIv2, but for which we have
1800        the following compliance requirements, expressed in OBJECT
1801        clause form in this description clause:

1803        -- OBJECT sctpAssocLocalAddrType
1804        -- SYNTAX InetAddressType {ipv4(1), ipv6(2)}
1805        -- DESCRIPTION
1806        -- It is only required to have IPv4 and IPv6 addresses without
1807        -- zone indices.
1808        -- The address with zone indices is required if an
1809        -- implementation can connect multiple zones.
1810        --
1811        -- OBJECT sctpAssocLocalAddr
1812        -- SYNTAX InetAddress (SIZE(4|16))
1813        -- DESCRIPTION
1814        -- An implementation is only required to support globally
1815        -- unique IPv4 and IPv6 addresses.
1816        --
1817        -- OBJECT sctpAssocRemAddrType
1818        -- SYNTAX InetAddressType {ipv4(1), ipv6(2)}
1819        -- DESCRIPTION
1820        -- It is only required to have IPv4 and IPv6 addresses without
1821        -- zone indices.
1822        -- The address with zone indices is required if an
1823        -- implementation can connect multiple zones.
1824        --
1825        -- OBJECT sctpAssocRemAddr
1826        -- SYNTAX InetAddress (SIZE(4|16))
1827        -- DESCRIPTION
1828        -- An implementation is only required to support globally
1829        -- unique IPv4 and IPv6 addresses.
1830        --
1831        " -- closes DESCRIPTION clause of MODULE-COMPLIANCE

1833     MODULE -- this module

1835     MANDATORY-GROUPS { sctpLayerParamsGroup,
1836                        sctpPerAssocParamsGroup,
1837                        sctpStatsGroup,
1838                        sctpPerAssocStatsGroup
1839                      }

1841     OBJECT sctpAssocRemPrimAddrType
1842     SYNTAX InetAddressType { ipv4(1),
1843                              ipv6(2)
1844                            }
1845     DESCRIPTION
1846        "It is only required to have IPv4 and IPv6 addresses
1847        without zone indices.

1849        The address with zone indices is required if an
1850        implementation can connect multiple zones."

1852     OBJECT sctpAssocRemPrimAddr
1853     SYNTAX InetAddress (SIZE(4|16))
1854     DESCRIPTION
1855        "An implementation is only required to support globally
1856        unique IPv4 and globally unique IPv6 addresses."

1858     OBJECT sctpAssocState
1859     WRITE-SYNTAX INTEGER { deleteTCB(9) }
1860     MIN-ACCESS read-only
1861     DESCRIPTION
1862        "Only the deleteTCB(9) value MAY be set by a management
1863        station at most. A read-only option is also considered to
1864        be compliant with this MIB module description."

1866     GROUP sctpInverseGroup
1867     DESCRIPTION
1868        "Objects used in inverse lookup tables. This should be
1869        implemented, at the discretion of the implementers, for
1870        easier lookups in the association tables"

1872     ::= { sctpMibCompliances 1 }

1874  END

1876  5. Compiling Notes

1878     When compiling the MIB module warnings similar to the following may
1879     occur:

1881     - warning: index of row `sctpAssocLocalAddrEntry' can exceed OID
1882       size limit by 141 subidentifier(s)
1883     - warning: index of row `sctpAssocRemAddrEntry' can exceed OID
1884       size limit by 141 subidentifier(s)

1886     - warning: index of row `sctpLookupRemHostNameEntry' can exceed
1887       OID size limit by 140 subidentifier(s)
1888     - warning: index of row `sctpLookupRemPrimIPAddrEntry' can exceed
1889       OID size limit by 141 subidentifier(s)
1890     - warning: index of row `sctpLookupRemIPAddrEntry' can exceed OID
1891       size limit by 141 subidentifier(s)

1893     These warnings are due to the fact that the row objects have index
1894     objects of type InetAddress or OCTET STRING whose size limit is 255
1895     octets, and if that size limit were reached the names of column
1896     instances in those rows would exceed the 128 sub-identifier limit
1897     imposed by current versions of the SNMP. Actual limitations for the
1898     index object sizes are noted in the conceptual row DESCRIPTION
1899     clauses. For the InetAddress index objects these size limits will
1900     not be reached with any of the address types in current use.

1902  6. References

1904  6.1 Normative References

1906     [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1907        Rose, M., and S. Waldbusser, "Structure of Management
1908        Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

1910     [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1911        Rose, M., and S. Waldbusser, "Textual Conventions for SMIv2",
1912        STD 58, RFC 2579, April 1999.

1914     [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
1915        Rose, M., and S. Waldbusser, "Conformance Statements for
1916        SMIv2", STD 58, RFC 2580, April 1999.

1918     [RFC2960] R. Stewart, Q. Xie, K. Morneault, C. Sharp, H. J.
1919        Schwarzbauer, T. Taylor, I. Rytina, M. Kalla, L. Zhang, V.
1920        Paxson, "Stream Control Transmission Protocol", October 2000.

1922     [RFC3291] M. Daniele, B. Haberman, S. Routhier, J. Schoenwaelder,
1923        "Textual Conventions for Internet Network Addresses", May 2002.

1925     [RFC3309] R. Stewart, J. Stone, D. Otis, "Stream Control
1926        Transmission Protocol (SCTP) Checksum Change", September 2002.

1928     [sctpImplem] R. Stewart, L. Ong, I. Arias-Rodriguez, A. Caro, M.
1929        Tuexen, "Stream Control Transmission Protocol (SCTP)
1930        Implementers Guide", January 18, 2002, draft-ietf-tsvwg-
1931        sctpimpguide-07.txt, work in progress.

1933  6.1 Informative References

1935     [RFC1213] Rose, M. and K. McCloghrie, "Management Information Base
1936        for Network Management of TCP/IP-based internets", RFC
1937        1213, March 1991.

1939     [RFC2012] K. McCloghrie, "SNMPv2 Management Information Base for the
1940        Transmission Control Protocol using SMIv2", RFC 2012, November
1941        1996.

1943     [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
1944        "Introduction and Applicability Statements for Internet-
1945        Standard Management Framework", RFC 3410, December 2002.

1947     [VANJ] Jacobson, V., "Congestion Avoidance and Control", SIGCOMM
1948        1988, Stanford, California.

1950     [IPv6ARCH] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., Onoe,
1951        A. and B. Zill, "IPv6 Scoped Address Architecture", draft-
1952        ietf-ipngwg-scoping-arch-04.txt, December 2002. Work in
1953        progress.

1955     [TCPMIB] Bill Fenner, Keith McCloghrie, Rajiv Raghunarayan, Juergen
1956        Schoenwalder, "Management Information Base for the Transmission
1957        Control Protocol (TCP)", draft-ietf-ipv6-rfc2012-update-01.txt,
1958        November 2002. Work in progress.

1960     [UDPMIB] Bill Fenner, "Management Information Base for User Datagram
1961        Protocol (UDP)", draft-ietf-ipv6-rfc2013-update-00.txt, June
1962        2002. Work in progress.

1964     [MIBGUIDE] Heard, "Guidelines for MIB Authors and Reviewers", draft-
1965        ietf-ops-mib-review-guidelines-01.txt, February 2003. Work in
1966        progress.

1968  7. Security Considerations

1970     There are management objects defined in this MIB that have a
1971     MAX-ACCESS clause of read-write and/or read-create. Such objects may
1972     be considered sensitive or vulnerable in some network environments.
1973     The support for SET operations in a non-secure environment without
1974     proper protection can have a negative effect on network operations.
1975     These are the tables and objects and their sensitivity/vulnerability:

1977     o The sctpAssocState object has a MAX-ACCESS clause of read-write,
1978     which allows termination of an arbitrary connection. Unauthorized
1979     access could cause a denial of service.

1981     Some of the readable objects in this MIB module (i.e., objects with a
1982     MAX-ACCESS other than not-accessible) may be considered sensitive or
1983     vulnerable in some network environments. It is thus important to
1984     control even GET and/or NOTIFY access to these objects and possibly
1985     to even encrypt the values of these objects when sending them over
1986     the network via SNMP. These are the tables and objects and their
1987     sensitivity/vulnerability:

1989     o The sctpAssocTable, sctpAssocLocalAddressTable,
1990     sctpAssocRemAddressTable and the lookup tables contain objects
1991     providing information on the active associations on the device, local
1992     and peer's IP addresses, the status of these associations and the
1993     associated processes. This information may be used by an attacker to
1994     launch attacks against known/unknown weaknesses in certain protocols /
1995     applications.

1997     o The sctpAssocTable contains objects providing information on local
1998     and remote ports objects, that can be used to identify what ports are
1999     open on the machine and can thus suggest what attacks are likely to
2000     succeed, without the attacker having to run a port scanner.

2002     SNMP versions prior to SNMPv3 did not include adequate security.
2003     Even if the network itself is secure (for example by using IPSec),
2004     even then, there is no control as to who on the secure network is
2005     allowed to access and GET/SET (read/change/create/delete) the objects
2006     in this MIB module.

2008     It is RECOMMENDED that implementers consider the security features as
2009     provided by the SNMPv3 framework (see [RFC3410], section 8),
2010     including full support for the SNMPv3 cryptographic mechanisms (for
2011     authentication and privacy).

2013     Further, deployment of SNMP versions prior to SNMPv3 is NOT
2014     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
2015     enable cryptographic security. It is then a customer/operator
2016     responsibility to ensure that the SNMP entity giving access to an
2017     instance of this MIB module is properly configured to give access to
2018     the objects only to those principals (users) that have legitimate
2019     rights to indeed GET or SET (change/create/delete) them.

2021     The above objects also have privacy implications, i.e., they disclose
2022     who is connecting to what hosts.
These are sensitive from a 2023 perspective of preventing traffic analysis, and also to protect 2024 individual privacy. 2026 8. Acknowledgments 2027 The authors wish to thank Juergen Schoenwaelder, David Partain, Shawn 2028 A. Routhier, Ed Yarwood, John Linton, Shyamal Prasad, Juan-Francisco 2029 Martin, Dave Thaler, and Bert Wijnen for their invaluable comments. 2031 9. Authors' Addresses 2033 Javier Pastor-Balbas Tel: +34-91-339-3819 2034 Ericsson Espana S.A. eMail: J.Javier.Pastor@ericsson.com 2035 Network Signaling System Management 2036 Via de los Poblados 13 2037 Madrid, 28033 2038 Spain 2040 Maria-Carmen Belinchon Tel: +34-91-339-3535 2041 Ericsson Espana S.A. eMail: Maria.C.Belinchon@ericsson.com 2042 Network Signaling System Management 2043 Via de los Poblados 13 2044 Madrid, 28033 2045 Spain 2047 Full Copyright Statement 2049 Copyright (C) The Internet Society (2003). All Rights Reserved. 2051 This document and translations of it may be copied and furnished to 2052 others, and derivative works that comment on or otherwise explain it or 2053 assist in its implementation may be prepared, copied, published and 2054 distributed, in whole or in part, without restriction of any kind, 2055 provided that the above copyright notice and this paragraph are included 2056 on all such copies and derivative works. However, this document itself 2057 may not be modified in any way, such as by removing the copyright notice 2058 or references to the Internet Society or other Internet organizations, 2059 except as needed for the purpose of developing Internet standards in 2060 which case the procedures for copyrights defined in the Internet 2061 Standards process must be followed, or as required to translate it into 2062 languages other than English. 2064 The limited permissions granted above are perpetual and will not be 2065 revoked by the Internet Society or its successors or assigns. 
2067 This document and the information contained herein is provided on an "AS 2068 IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK 2069 FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT 2070 LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT 2071 INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR 2072 FITNESS FOR A PARTICULAR PURPOSE.
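
The recommendation in section 7 (Security Considerations), SNMPv3 with authentication and privacy and no pre-SNMPv3 access, can be checked mechanically against an agent's access configuration. The Python below is an added example, not part of the draft or of the idnits output; it assumes a net-snmp style snmpd.conf, and the sample configuration, user names and function names are constructed for illustration.

```python
# Added example: audits net-snmp snmpd.conf access directives against section 7.
# SAMPLE_CONF is constructed for illustration; it is not from a real device.
SAMPLE_CONF = """\
# constructed sample configuration
rocommunity public 10.0.0.0/8
rwcommunity private 127.0.0.1
com2sec legacy default public
rouser monitor priv
rouser dashboard
rwuser operator noauth
rwuser -s usm admin priv
"""

COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}
LEVELS = {
    "noauth": ("FAIL", "SNMPv3 user accepted without authentication"),
    "auth": ("WARN", "authenticated, but values cross the network unencrypted"),
    "priv": ("OK", "authentication and privacy enforced"),
}

def audit(conf_text):
    """Return (line, severity, directive, can_set, reason) per access directive."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        directive, args = tokens[0], tokens[1:]
        # rw* directives grant SET; com2sec rights depend on group/access
        # lines, which this example does not evaluate.
        can_set = directive.startswith("rw")
        if directive in COMMUNITY:
            findings.append((lineno, "FAIL", directive, can_set,
                             "pre-SNMPv3 community string, no cryptographic security"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:      # optional "-s SECMODEL" prefix
                args = args[2:]
            # snmpd defaults to "auth" when no minimum level is given
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"
            severity, reason = LEVELS[level]
            findings.append((lineno, severity, directive, can_set, reason))
    return findings

def set_exposed(findings):
    """Lines whose principal can SET (e.g. sctpAssocState) without auth+priv."""
    return [line for line, sev, _d, can_set, _r in findings if can_set and sev != "OK"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=" | ")
    print("SET-capable without full protection:", set_exposed(audit(SAMPLE_CONF)))
```

Every line reported by `set_exposed` names a principal that could write deleteTCB(9) to sctpAssocState without both authentication and privacy, which is the denial-of-service case section 7 describes.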