idnits 2.17.1

draft-ietf-softwire-dslite-mib-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (July 11, 2012) is 4300 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 75, but not defined

  == Unused Reference: 'RFC6333' is defined on line 1312, but no explicit
     reference was found in the text

  == Unused Reference: 'I-D.ietf-softwire-gateway-init-ds-lite' is defined on
     line 1318, but no explicit reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

     Summary: 1 error (**), 0 flaws (~~), 5 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1     Softwire                                                   Y. Fu
2     Internet Draft                                          S. Jiang
3     Intended status: Standards Track    Huawei Technologies Co., Ltd
4     Expires: January 14, 2013                                J. Dong
5                                                              Y. Chen
6                                                  Tsinghua University
7                                                        July 11, 2012

9               DS-Lite Management Information Base (MIB)
10                  draft-ietf-softwire-dslite-mib-00

12    Status of this Memo

14    This Internet-Draft is submitted in full conformance with the
15    provisions of BCP 78 and BCP 79.

17    Internet-Drafts are working documents of the Internet Engineering
18    Task Force (IETF). Note that other groups may also distribute working
19    documents as Internet-Drafts. The list of current Internet-Drafts is
20    at http://datatracker.ietf.org/drafts/current/.

22    Internet-Drafts are draft documents valid for a maximum of six months
23    and may be updated, replaced, or obsoleted by other documents at any
24    time. It is inappropriate to use Internet-Drafts as reference
25    material or to cite them other than as "work in progress."

27    This Internet-Draft will expire on January 14, 2013.

29    Copyright Notice

31    Copyright (c) 2012 IETF Trust and the persons identified as the
32    document authors. All rights reserved.

34    This document is subject to BCP 78 and the IETF Trust's Legal
35    Provisions Relating to IETF Documents
36    (http://trustee.ietf.org/license-info) in effect on the date of
37    publication of this document. Please review these documents
38    carefully, as they describe your rights and restrictions with respect
39    to this document. Code Components extracted from this document must
40    include Simplified BSD License text as described in Section 4.e of
41    the Trust Legal Provisions and are provided without warranty as
42    described in the Simplified BSD License.

44    Abstract

46    This memo defines a portion of the Management Information Base (MIB) for
47    use with network management protocols in the Internet community. In
48    particular, it defines managed objects for DS-Lite.

50    Table of Contents

52    1. Introduction
53    2. The Internet-Standard Management Framework
54    3. Terminology
55    4. Difference from the IP tunnel MIB and NAT MIB
56    5. Relationship to the IF-MIB
57    6. Structure of the MIB Module
58       6.1. The dsliteTunnel Subtree
59       6.2. The dsliteNAT Subtree
60       6.3. The dsliteInfo Subtree
61       6.4. The dsliteTrap Subtree
62       6.5. The dsliteConformance Subtree
63    7. MIB modules required for IMPORTS
64    8. Definitions
65    9. Extending this MIB for Gateway Initiated Dual-Stack Lite
66    10. IANA Considerations
67    11. Security Consideration
68    12. References
69       12.1. Normative References
70       12.2. Informative References
71    Author's Addresses

73    1. Introduction

75    Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
76    connectivity to customers across an IPv6-only infrastructure. One of
77    its key components is an IPv4-over-IPv6 tunnel, which is used to
78    provide IPv4 connectivity across the service provider IPv6 network. Another
79    key component is a carrier-grade IPv4-IPv4 NAT to share service
80    provider IPv4 addresses among customers.

82    This document defines a portion of the Management Information Base
83    (MIB) for use with network management protocols in the Internet
84    community. This MIB module may be used for configuring and
85    monitoring the devices in the Dual-Stack Lite scenario.
86    This MIB can also be extended for use with Gateway
87    Initiated Dual-Stack Lite.

89    2. The Internet-Standard Management Framework

91    For a detailed overview of the documents that describe the current
92    Internet-Standard Management Framework, please refer to section 7 of
93    [RFC3410].

95    Managed objects are accessed via a virtual information store, termed
96    the MIB. MIB objects are generally accessed through the Simple
97    Network Management Protocol (SNMP).

99    Objects in the MIB are defined using the mechanisms defined in the
100   Structure of Management Information (SMI). This memo specifies a MIB
101   module that is compliant with SMIv2, which is described in
102   [RFC2578], [RFC2579] and [RFC2580].

104   3. Terminology

106   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
107   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
108   document are to be interpreted as described in [RFC2119].

110   4. Difference from the IP tunnel MIB and NAT MIB

112   The key technologies for DS-Lite are the IP in IP (IPv4-in-IPv6) tunnel
113   and NAT (IPv4 to IPv4 translation).

115   Note: According to Section 5.2 of RFC6333, DS-Lite only defines
116   IPv4 in IPv6 tunnels at this moment, but other types of encapsulation
117   could be defined in the future. So this DS-Lite MIB only supports IP
118   in IP encapsulation. If RFC6333 defines other tunnel types in the
119   future, this DS-Lite MIB will be updated then.

121   The NAT-MIB [RFC4008] is designed to carry translation from any
122   address family to any address family, and therefore supports IPv4 to IPv4
123   translation.

125   The tunnel MIB [RFC4087] is designed for managing tunnels of any type
126   over IPv4 and IPv6 networks, and therefore supports IP in IP tunnels.

128   However, the NAT MIB and tunnel MIB together are not sufficient to
129   support DS-Lite. This document describes the specific MIB
130   requirements for DS-Lite, as below.

132      In the DS-Lite scenario, the tunnel type is IP in IP, more
133      precisely, IPv4 in IPv6. Therefore, it is unnecessary to
134      describe the tunnel type in the DS-Lite MIB.

136      In the DS-Lite scenario, the translation type is IPv4 private
137      address to IPv4 public address. Therefore, it is unnecessary to
138      describe the type of address in the corresponding
139      tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
140      in the DS-Lite MIB.

142      In the DS-Lite scenario, the AFTR is not only the tunnel end
143      concentrator, but also a 4-4 translator. Within the AFTR,
144      tunnel information and translation information MUST be mapped
145      to each other. Two independent MIBs are not able to reflect this
146      mapping relationship. Therefore, a combined MIB is necessary.

148      If the Gateway Initiated Dual-Stack Lite scenario
149      [I-D.ietf-softwire-gateway-init-ds-lite] is required, the MIB defined in
150      this document could be easily extended for GI-DS-Lite. CID
151      (Context Identifier) can be extended to the tunnel MIB to
152      identify the access devices which have the same IPv4 address.
153      And both CID and SWID (Softwire Identifier) can be extended to
154      the NAT MIB for performing the NAT binding lookup.

156   The implementation of the IP Tunnel MIB is required for DS-Lite. The
157   tunnelIfEncapsMethod in the tunnelIfEntry should be set to
158   dsLite("xx"), and a corresponding entry in the DS-Lite module will
159   exist for every tunnelIfEntry with this tunnelIfEncapsMethod. The
160   tunnelIfRemoteInetAddress must be set to ::.

162   5. Relationship to the IF-MIB

164   The Interfaces MIB [RFC2863] defines generic managed objects for
165   managing interfaces. Each logical interface (physical or virtual) has
166   an ifEntry. Tunnels are handled by creating a logical interface
167   (ifEntry) for each tunnel. A DS-Lite tunnel also acts as a virtual
168   interface, which has corresponding entries in the IP Tunnel MIB and
169   Interface MIB. Those corresponding entries are indexed by ifIndex.

171   The ifOperStatus in ifTable would be used to represent whether the
172   DS-Lite tunnel function has been originated. The ifInUcastPkts
173   defined in ifTable will represent the number of IPv6 packets which
174   have been encapsulated with IPv4 packets in it. The ifOutUcastPkts
175   defined in ifTable contains the number of IPv6 packets which can be
176   decapsulated to IPv4 in the virtual interface. Also, the IF-MIB
177   defines ifMtu for the MTU of this tunnel interface, so the DS-Lite MIB
178   does not need to define the MTU for the tunnel.

180   6. Structure of the MIB Module

182   The DS-Lite MIB provides a way to configure and manage the devices
183   (AFTRs) in the DS-Lite scenario through SNMP.

185   The DS-Lite MIB is configurable on a per-interface basis. It depends on
186   several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT
187   MIB [RFC4008].

189   6.1. The dsliteTunnel Subtree

191   The dsliteTunnel subtree describes managed objects used for managing
192   tunnels in the DS-Lite scenario. Because some objects defined in the
193   Tunnel MIB are not accessible, a few new objects are defined in the DS-Lite
194   MIB.

196   6.2. The dsliteNAT Subtree

198   The dsliteNAT Subtree describes managed objects used for
199   configuration as well as monitoring of an AFTR which is capable of the NAT
200   function. Because the NAT MIB supports the NAT management function in
201   DS-Lite, we may reuse it in the DS-Lite MIB. The dsliteNAT Subtree also
202   provides the information of the mapping relationship between the tunnel
203   MIB and NAT MIB by extending the B4 address to the bind table in the NAT
204   MIB.

206   6.3. The dsliteInfo Subtree

208   The dsliteInfo Subtree provides the statistical information for
209   DS-Lite.

211   6.4. The dsliteTrap Subtree

213   The dsliteTrap Subtree provides trap information for the DS-Lite instance.

215   6.5. The dsliteConformance Subtree

217   The dsliteConformance Subtree provides conformance information of MIB objects.

219   7. MIB modules required for IMPORTS

221   This MIB module IMPORTs objects from [RFC4008], [RFC2580], [RFC2578],
222   [RFC2863], [RFC4001], [RFC3411].

224   8. Definitions

226   DSLite-MIB DEFINITIONS ::= BEGIN

228   IMPORTS
229       MODULE-IDENTITY, OBJECT-TYPE, mib-2, transmission,
230       Gauge32, Integer32, Counter64
231           FROM SNMPv2-SMI

233       RowStatus, StorageType, DisplayString
234           FROM SNMPv2-TC

236       ifIndex, InterfaceIndexOrZero
237           FROM IF-MIB

239       IANAtunnelType
240           FROM IANAifType-MIB

242       InetAddress, InetAddressIPv6, InetPortNumber
243           FROM INET-ADDRESS-MIB

245       NatAddrMapId, natAddrMapName, natAddrMapEntryType,
246       natAddrMapLocalAddrFrom, natAddrMapLocalAddrTo,
247       natAddrMapLocalPortFrom, natAddrMapLocalPortTo,
248       natAddrMapGlobalAddrFrom, natAddrMapGlobalAddrTo,
249       natAddrMapGlobalPortFrom, natAddrMapGlobalPortTo,
250       natAddrPortBindGlobalAddr, natAddrPortBindGlobalPort,
251       NatBindId, natAddrPortBindSessions,
252       natAddrPortBindMaxIdleTime, natAddrPortBindCurrentIdleTime,
253       natAddrPortBindInTranslates, natAddrPortBindOutTranslates
254           FROM NAT-MIB;

256   dsliteMIB MODULE-IDENTITY
257       LAST-UPDATED "201207110000Z" -- July 11, 2012
258       ORGANIZATION "IETF Softwire Working Group"
259       CONTACT-INFO
260           "Yu Fu
261           Huawei Technologies Co., Ltd
262           Huawei Building, 156 Beiqing Rd., Hai-Dian District
263           Beijing, P.R. China 100095
264           EMail: eleven.fuyu@huawei.com

266           Sheng Jiang
267           Huawei Technologies Co., Ltd
268           Huawei Building, 156 Beiqing Rd., Hai-Dian District
269           Beijing, P.R. China 100095
270           EMail: jiangsheng@huawei.com

272           Jiang Dong
273           Tsinghua University
274           Department of Computer Science, Tsinghua University
275           Beijing 100084
276           P.R. China
277           Email: dongjiang@csnet1.cs.tsinghua.edu.cn

279           Yuchi Chen
280           Tsinghua University
281           Department of Computer Science, Tsinghua University
282           Beijing 100084
283           P.R. China
284           Email: flashfoxmx@gmail.com"

286       DESCRIPTION
287           "The MIB module is defined for management of objects in the
288           DS-Lite scenario."
289       ::= { transmission xxx } --xxx to be replaced with correct
290                                -- value

292   dsliteTunnel OBJECT IDENTIFIER
293       ::= { dsliteMIB 1 }

295   dsliteNAT OBJECT IDENTIFIER
296       ::= { dsliteMIB 2 }

298   dsliteInfo OBJECT IDENTIFIER
299       ::= { dsliteMIB 3 }

301   dsliteTraps OBJECT IDENTIFIER
302       ::= { dsliteMIB 4 }

304   --Conformance
305   dsliteConformance OBJECT IDENTIFIER
306       ::= { dsliteMIB 5 }

308   --dsliteTunnel
309   --dsliteTunnelTable

311   dsliteTunnelTable OBJECT-TYPE
312       SYNTAX SEQUENCE OF dsliteTunnelEntry
313       MAX-ACCESS not-accessible
314       STATUS current
315       DESCRIPTION
316           "The (conceptual) table containing information on configured
317           tunnels. This table can be used to map CPE address to the
318           associated AFTR address. It can also be used for row
319           creation."
320       ::= { dsliteTunnel 1 }

322   dsliteTunnelEntry OBJECT-TYPE
323       SYNTAX dsliteTunnelEntry
324       MAX-ACCESS not-accessible
325       STATUS current
326       DESCRIPTION
327           "Each entry in this table contains the information on a
328           particular configured tunnel."
329       INDEX { dsliteTunnelStartAddress,
330               dsliteTunnelEndAddress,
331               ifIndex }
332       ::= { dsliteTunnelTable 1 }

334   dsliteTunnelEntry ::=
335       SEQUENCE {
336           dsliteTunnelStartAddress InetAddressIPv6,
337           dsliteTunnelStartAddPreLen Integer32,
338           dsliteTunnelEndAddress InetAddressIPv6,
339           dsliteTunnelStatus RowStatus,
340           dsliteTunnelStorageType StorageType
341       }

343   dsliteTunnelStartAddress OBJECT-TYPE
344       SYNTAX InetAddressIPv6
345       MAX-ACCESS read-create
346       STATUS current
347       DESCRIPTION
348           "The address of the start point of the tunnel."
349       ::= { dsliteTunnelEntry 1 }

351   dsliteTunnelStartAddPreLen OBJECT-TYPE
352       SYNTAX Integer32 (0..128)
353       MAX-ACCESS read-create
354       STATUS current
355       DESCRIPTION
356           "IPv6 prefix length of the IP address of the
357           start point of the tunnel."
358       ::= { dsliteTunnelEntry 2 }

360   dsliteTunnelEndAddress OBJECT-TYPE
361       SYNTAX InetAddressIPv6
362       MAX-ACCESS read-create
363       STATUS current
364       DESCRIPTION
365           "The address of the endpoint of the tunnel."
366       ::= { dsliteTunnelEntry 3 }

368   dsliteTunnelStatus OBJECT-TYPE
369       SYNTAX RowStatus
370       MAX-ACCESS read-create
371       STATUS current
372       DESCRIPTION
373           "The status of this row, by which new entries may be
374           created, or old entries deleted from this table."
375       ::= { dsliteTunnelEntry 4 }

377   dsliteTunnelStorageType OBJECT-TYPE
378       SYNTAX StorageType
379       MAX-ACCESS read-create
380       STATUS current
381       DESCRIPTION
382           "The storage type of this row. If the row is
383           permanent(4), no objects in the row need be
384           writable."
385       ::= { dsliteTunnelEntry 5 }

387   --dsliteNAT
388   --dsliteNATMapTable(define address pool)
389   --dsliteNATBindTable

391   dsliteNATMapTable OBJECT-TYPE
392       SYNTAX SEQUENCE OF dsliteNATMapEntry
393       MAX-ACCESS not-accessible
394       STATUS current
395       DESCRIPTION
396           "This table contains information about address map
397           parameters."
398       ::= { dsliteNAT 1 }

400   dsliteNATMapEntry OBJECT-TYPE
401       SYNTAX dsliteNATMapEntry
402       MAX-ACCESS not-accessible
403       STATUS current
404       DESCRIPTION
405           "This entry represents an address map to be used for
406           NAT and contributes to the address mapping tables of
407           AFTR."
408       INDEX { ifIndex,
409               dsliteNATMapIndex }
410       ::= { dsliteNATMapTable 1 }

412   dsliteNATMapEntry ::=
413       SEQUENCE {
414           dsliteNATMapIndex NatAddrMapId,
415           dsliteNATMapAddrName natAddrMapName,
416           dsliteNATMapEntryType natAddrMapEntryType,
417           dsliteNATMapLocalAddrFrom natAddrMapLocalAddrFrom,
418           dsliteNATMapLocalAddrTo natAddrMapLocalAddrTo,
419           dsliteNATMapLocalPortFrom natAddrMapLocalPortFrom,
420           dsliteNATMapLocalPortTo natAddrMapLocalPortTo,
421           dsliteNATMapGlobalAddrFrom natAddrMapGlobalAddrFrom,
422           dsliteNATMapGlobalAddrTo natAddrMapGlobalAddrTo,
423           dsliteNATMapGlobalPortFrom natAddrMapGlobalPortFrom,
424           dsliteNATMapGlobalPortTo natAddrMapGlobalPortTo,
425           dsliteNATMapAddrUsed natAddrMapAddrUsed,
426           dsliteNATMapStorageType StorageType,
427           dsliteNATMapRowStatus RowStatus
428       }

430   dsliteNATMapIndex OBJECT-TYPE
431       SYNTAX NatAddrMapId
432       MAX-ACCESS not-accessible
433       STATUS current
434       DESCRIPTION
435           "Along with ifIndex, this object uniquely
436           identifies an entry in the dsliteNATMapTable.
437           Address map entries are applied in the order
438           specified by dsliteNATMapIndex."
439       ::= { dsliteNATMapEntry 1 }

441   dsliteNATMapAddrName OBJECT-TYPE
442       SYNTAX natAddrMapName
443       MAX-ACCESS read-create
444       STATUS current
445       DESCRIPTION
446           "Name identifying all map entries in the table associated
447           with the same interface. All map entries with the same
448           ifIndex MUST have the same map name."
449       ::= { dsliteNATMapEntry 2 }

451   dsliteNATMapEntryType OBJECT-TYPE
452       SYNTAX natAddrMapEntryType
453       MAX-ACCESS read-create
454       STATUS current
455       DESCRIPTION
456           "This parameter can be used to set up static
457           or dynamic address maps."
458       ::= { dsliteNATMapEntry 3 }

460   dsliteNATMapLocalAddrFrom OBJECT-TYPE
461       SYNTAX natAddrMapLocalAddrFrom
462       MAX-ACCESS read-create
463       STATUS current
464       DESCRIPTION
465           "This object specifies the first IP address of the range
466           of IP addresses mapped by this translation entry.
467           The value of this object must be less than or
468           equal to the value of the dsliteNATMapLocalAddrTo
469           object."
470       ::= { dsliteNATMapEntry 4 }

472   dsliteNATMapLocalAddrTo OBJECT-TYPE
473       SYNTAX natAddrMapLocalAddrTo
474       MAX-ACCESS read-create
475       STATUS current
476       DESCRIPTION
477           "This object specifies the last IP address of the range of
478           IP addresses mapped by this translation entry. If only
479           a single address is being mapped, the value of this
480           object is equal to the value of natAddrMapLocalAddrFrom.
481           The value of this object must be greater than or equal to
482           the value of the natAddrMapLocalAddrFrom object."
483       ::= { dsliteNATMapEntry 5 }

485   dsliteNATMapLocalPortFrom OBJECT-TYPE
486       SYNTAX natAddrMapLocalPortFrom
487       MAX-ACCESS read-create
488       STATUS current
489       DESCRIPTION
490           "The value of this object must be less than or equal
491           to the value of the dsliteNATMapLocalPortTo object.
492           If the translation specifies a single port, then the
493           value of this object is equal to the value of
494           dsliteNATMapLocalPortTo."
495       DEFVAL { 0 }
496       ::= { dsliteNATMapEntry 6 }

498   dsliteNATMapLocalPortTo OBJECT-TYPE
499       SYNTAX natAddrMapLocalPortTo
500       MAX-ACCESS read-create
501       STATUS current
502       DESCRIPTION
503           "The value of this object must be greater than or equal
504           to the value of the dsliteNATMapLocalPortFrom object.
505           If the translation specifies a single port, then
506           the value of this object is equal to the value of
507           dsliteNATMapLocalPortFrom."
508       DEFVAL { 0 }
509       ::= { dsliteNATMapEntry 7 }

511   dsliteNATMapGlobalAddrFrom OBJECT-TYPE
512       SYNTAX natAddrMapGlobalAddrFrom
513       MAX-ACCESS read-create
514       STATUS current
515       DESCRIPTION
516           "This object specifies the first IP address of
517           the range of IP addresses being mapped to.
518           The value of this object must be less than
519           or equal to the value of the
520           dsliteNATMapGlobalAddrTo object."
521       ::= { dsliteNATMapEntry 8 }

523   dsliteNATMapGlobalAddrTo OBJECT-TYPE
524       SYNTAX natAddrMapGlobalAddrTo
525       MAX-ACCESS read-create
526       STATUS current
527       DESCRIPTION
528           "This object specifies the last IP address of the range
529           of IP addresses being mapped to. If only a single
530           address is being mapped to, the value of this object
531           is equal to the value of dsliteNATMapGlobalAddrFrom.
532           The value of this object must be greater than or equal
533           to the value of the dsliteNATMapGlobalAddrFrom object."
534       ::= { dsliteNATMapEntry 9 }

536   dsliteNATMapGlobalPortFrom OBJECT-TYPE
537       SYNTAX natAddrMapGlobalPortFrom
538       MAX-ACCESS read-create
539       STATUS current
540       DESCRIPTION
541           "The value of this object must be less than or equal
542           to the value of the dsliteNATMapGlobalPortTo object.
543           If the translation specifies a single port, then the
544           value of this object is equal to the value of
545           dsliteNATMapGlobalPortTo."
546       DEFVAL { 0 }
547       ::= { dsliteNATMapEntry 10 }

549   dsliteNATMapGlobalPortTo OBJECT-TYPE
550       SYNTAX natAddrMapGlobalPortTo
551       MAX-ACCESS read-create
552       STATUS current
553       DESCRIPTION
554           "The value of this object must be greater than or
555           equal to the value of the dsliteNATMapGlobalPortFrom
556           object. If the translation specifies a single port,
557           then the value of this object is equal to the
558           value of dsliteNATMapGlobalPortFrom."
559       DEFVAL { 0 }
560       ::= { dsliteNATMapEntry 11 }

562   dsliteNATMapAddrUsed OBJECT-TYPE
563       SYNTAX natAddrMapAddrUsed
564       MAX-ACCESS read-only
565       STATUS current
566       DESCRIPTION
567           "The number of addresses pertaining to this address
568           map that are currently being used from the NAT pool."
569       ::= { dsliteNATMapEntry 12 }

571   dsliteNATMapStorageType OBJECT-TYPE
572       SYNTAX StorageType
573       MAX-ACCESS read-create
574       STATUS current
575       DESCRIPTION
576           "The storage type for this conceptual row.
577           Conceptual rows having the value 'permanent'
578           need not allow write-access to any columnar
579           objects in the row."
580       REFERENCE
581           "Textual Conventions for SMIv2, Section 2."

583       DEFVAL { nonVolatile }
584       ::= { dsliteNATMapEntry 13 }

586   dsliteNATMapRowStatus OBJECT-TYPE
587       SYNTAX RowStatus
588       MAX-ACCESS read-create
589       STATUS current
590       DESCRIPTION
591           "The status of this conceptual row."
592       REFERENCE
593           "Textual Conventions for SMIv2, Section 2."
594       ::= { dsliteNATMapEntry 14 }

596   dsliteNATBindTable OBJECT-TYPE
597       SYNTAX SEQUENCE OF dsliteNATBindEntry
598       MAX-ACCESS not-accessible
599       STATUS current
600       DESCRIPTION
601           "This table contains information about currently
602           active NAT binds in AFTR. This table extends the
603           natAddrPortBindTable designed in NAT MIB (RFC
604           4008) by IPv6 address of B4."
605       ::= { dsliteNAT 2 }

607   dsliteNATBindEntry OBJECT-TYPE
608       SYNTAX dsliteNATBindEntry
609       MAX-ACCESS not-accessible
610       STATUS current
611       DESCRIPTION
612           "Each entry in this table holds the relationship between
613           tunnel information and nat bind information. These entries
614           are lost upon agent restart."
615       INDEX { ifIndex,
616               dsliteNATBindLocalAddr,
617               dsliteNATBindLocalPort,
618               dsliteB4Addr }
619       ::= { dsliteNATBindTable 1 }

621   dsliteNATBindEntry ::=
622       SEQUENCE {
623           dsliteNATBindLocalAddr InetAddress,
624           dsliteNATBindLocalPort InetPortNumber,
625           dsliteNATBindGlobalAddr natAddrPortBindGlobalAddr,
626           dsliteNATBindGlobalPort natAddrPortBindGlobalPort,
627           dsliteNATBindId NatBindId,
628           dsliteB4Addr dsliteTunnelStartAddress,
629           dsliteB4PreLen dsliteTunnelStartAddPreLen,
630           dsliteNATBindMapIndex NatAddrMapId,
631           dsliteNATBindSessions natAddrPortBindSessions,
632           dsliteNATBindMaxIdleTime natAddrPortBindMaxIdleTime,
633           dsliteNATBindCurrentIdleTime natAddrPortBindCurrentIdleTime,
634           dsliteNATBindInTranslates natAddrPortBindInTranslates,
635           dsliteNATBindOutTranslates natAddrPortBindOutTranslates
636       }

638   dsliteNATBindLocalAddr OBJECT-TYPE
639       SYNTAX InetAddress
640       MAX-ACCESS read-create
641       STATUS current
642       DESCRIPTION
643           "This object represents the private IP address of host."
644       ::= { dsliteNATBindEntry 1 }

646   dsliteNATBindLocalPort OBJECT-TYPE
647       SYNTAX InetPortNumber
648       MAX-ACCESS read-create
649       STATUS current
650       DESCRIPTION
651           "This object represents the private-realm Port
652           number of host."
653       ::= { dsliteNATBindEntry 2 }

655   dsliteNATBindGlobalAddr OBJECT-TYPE
656       SYNTAX natAddrPortBindGlobalAddr
657       MAX-ACCESS read-only
658       STATUS current
659       DESCRIPTION
660           "This object represents the public-realm IP
661           address of host."
662       ::= { dsliteNATBindEntry 3 }

664   dsliteNATBindGlobalPort OBJECT-TYPE
665       SYNTAX natAddrPortBindGlobalPort
666       MAX-ACCESS read-only
667       STATUS current
668       DESCRIPTION
669           "This object represents the public-realm Port number
670           of host."
671       ::= { dsliteNATBindEntry 4 }

673   dsliteNATBindId OBJECT-TYPE
674       SYNTAX NatBindId
675       MAX-ACCESS read-only
676       STATUS current
677       DESCRIPTION
678           "This object represents a bind id that is
679           dynamically assigned to each bind by AFTR.
680           Each bind is represented by a unique bind
681           id across the dsliteNATBindTable."
682       ::= { dsliteNATBindEntry 5 }

684   dsliteB4Addr OBJECT-TYPE
685       SYNTAX dsliteTunnelStartAddress
686       MAX-ACCESS read-only
687       STATUS current
688       DESCRIPTION
689           "This object represents the relationship between
690           tunnel start point to the Bind entry, which extends
691           the source IPv6 address of packet to the Bind table."
692       ::= { dsliteNATBindEntry 6 }

694   dsliteB4PreLen OBJECT-TYPE
695       SYNTAX dsliteTunnelStartAddPreLen
696       MAX-ACCESS read-only
697       STATUS current
698       DESCRIPTION
699           "This object indicates the IPv6 prefix length of the
700           start point of tunnel, which also needs to be extended to
701           the Bind table."
702       ::= { dsliteNATBindEntry 7 }

704   dsliteNATBindMapIndex OBJECT-TYPE
705       SYNTAX NatAddrMapId
706       MAX-ACCESS read-only
707       STATUS current
708       DESCRIPTION
709           "This object is a pointer to the dsliteNATMapTable
710           entry used in creating this BIND."
711       ::= { dsliteNATBindEntry 8 }

713   dsliteNATBindSessions OBJECT-TYPE
714       SYNTAX natAddrPortBindSessions
715       MAX-ACCESS read-only
716       STATUS current
717       DESCRIPTION
718           "This object represents the number of sessions currently
719           using this BIND."
720       ::= { dsliteNATBindEntry 9 }

722   dsliteNATBindMaxIdleTime OBJECT-TYPE
723       SYNTAX natAddrPortBindMaxIdleTime
724       MAX-ACCESS read-only
725       STATUS current
726       DESCRIPTION
727           "This object indicates the maximum time for
728           which this bind can be idle without any sessions
729           attached to it."
730       ::= { dsliteNATBindEntry 10 }

732   dsliteNATBindCurrentIdleTime OBJECT-TYPE
733       SYNTAX natAddrPortBindCurrentIdleTime
734       MAX-ACCESS read-only
735       STATUS current
736       DESCRIPTION
737           "At any given instance, this object indicates the
738           time that this bind has been idle without any sessions
739           attached to it."
740       ::= { dsliteNATBindEntry 11 }

742   dsliteNATBindInTranslates OBJECT-TYPE
743       SYNTAX natAddrPortBindInTranslates
744       MAX-ACCESS read-only
745       STATUS current
746       DESCRIPTION
747           "The number of inbound packets that were
748           translated as per this bind entry."
749       ::= { dsliteNATBindEntry 12 }

751   dsliteNATBindOutTranslates OBJECT-TYPE
752       SYNTAX natAddrPortBindOutTranslates
753       MAX-ACCESS read-only
754       STATUS current
755       DESCRIPTION
756           "The number of outbound packets that were
757           translated as per this bind entry."
758       ::= { dsliteNATBindEntry 13 }

760   --dsliteInfo

762   dsliteSessionLimitTable OBJECT-TYPE
763       SYNTAX SEQUENCE OF dsliteSessionLimitEntry
764       MAX-ACCESS not-accessible
765       STATUS current
766       DESCRIPTION
767           "The (conceptual) table containing information about session
768           limit. It can also be used for row creation."
769       ::= { dsliteInfo 1 }

771   dsliteSessionLimitEntry OBJECT-TYPE
772       SYNTAX dsliteSessionLimitEntry
773       MAX-ACCESS not-accessible
774       STATUS current
775       DESCRIPTION
776           "Each entry in this table contains the information to be
777           used for configuring session limits for DS-Lite."
778       INDEX { dsliteSessionLimitInstanceName,
779               dsliteSessionLimitType }
780       ::= { dsliteSessionLimitTable 1 }

782   dsliteSessionLimitEntry ::=
783       SEQUENCE {
784           dsliteSessionLimitInstanceName DisplayString,
785           dsliteSessionLimitType INTEGER,
786           dsliteSessionLimitNumber Integer32,
787           dsliteSessionLimitStorageType StorageType,
788           dsliteSessionLimitRowStatus RowStatus
789       }

791   dsliteSessionLimitInstanceName OBJECT-TYPE
792       SYNTAX DisplayString (SIZE (1..31))
793       MAX-ACCESS read-only
794       STATUS current
795       DESCRIPTION
796           "This object represents the instance name
797           that is limited."
798       ::= { dsliteSessionLimitEntry 1 }

800   dsliteSessionLimitType OBJECT-TYPE
801       SYNTAX INTEGER
802           {
803           tcp(0),
804           udp(1),
805           icmp(2),
806           total(3)
807           }
808       MAX-ACCESS read-only
809       STATUS current
810       DESCRIPTION
811           "This object represents the session limit type:
812           tcp, udp, icmp or total."
813       ::= { dsliteSessionLimitEntry 2 }

815   dsliteSessionLimitNumber OBJECT-TYPE
816       SYNTAX Integer32 (1..65535)
817       MAX-ACCESS read-create
818       STATUS current
819       DESCRIPTION
820           "This object represents the limit on the number of sessions."
821       ::= { dsliteSessionLimitEntry 3 }

823   dsliteSessionLimitStorageType OBJECT-TYPE
824       SYNTAX StorageType
825       MAX-ACCESS read-create
826       STATUS current
827       DESCRIPTION
828           "The storage type for this conceptual row. Conceptual
829           rows having the value 'permanent' need not allow
830           write-access to any columnar objects in the row."
831       ::= { dsliteSessionLimitEntry 4 }

833   dsliteSessionLimitRowStatus OBJECT-TYPE
834       SYNTAX RowStatus
835       MAX-ACCESS read-create
836       STATUS current
837       DESCRIPTION
838           "The status of this conceptual row."
839       REFERENCE
840           "Textual Conventions for SMIv2, Section 2."
841       DEFVAL { nonVolatile }
842       ::= { dsliteSessionLimitEntry 5 }

844   dslitePortLimitTable OBJECT-TYPE
845       SYNTAX SEQUENCE OF dslitePortLimitEntry
846       MAX-ACCESS not-accessible
847       STATUS current
848       DESCRIPTION
849           "This table is used to configure port limits for a
850           DS-Lite instance."
851       ::= { dsliteInfo 2 }

853   dslitePortLimitEntry OBJECT-TYPE
854       SYNTAX dslitePortLimitEntry
855       MAX-ACCESS not-accessible
856       STATUS current
857       DESCRIPTION
858           "Each entry in this table contains the information to be
859           used for configuring port limits for DS-Lite."
860       INDEX { dslitePortLimitInstanceName,
861               dslitePortLimitType }
862       ::= { dslitePortLimitTable 1 }

864   dslitePortLimitEntry ::=
865       SEQUENCE {
866           dslitePortLimitInstanceName DisplayString,
867           dslitePortLimitType INTEGER,
868           dslitePortLimitNumber Integer32,
869           dslitePortLimitStorageType StorageType,
870           dslitePortLimitRowStatus RowStatus
871       }

873   dslitePortLimitInstanceName OBJECT-TYPE
874       SYNTAX DisplayString (SIZE (1..31))
875       MAX-ACCESS read-only
876       STATUS current
877       DESCRIPTION
878           "This object represents the instance name
879           that is limited."
880       ::= { dslitePortLimitEntry 1 }

882   dslitePortLimitType OBJECT-TYPE
883       SYNTAX INTEGER
884           {
885           tcp(0),
886           udp(1),
887           icmp(2),
888           total(3)
889           }
890       MAX-ACCESS read-only
891       STATUS current
892       DESCRIPTION
893           "This object represents the port limit
894           type: tcp, udp, icmp or total."
895       ::= { dslitePortLimitEntry 2 }

897   dslitePortLimitNumber OBJECT-TYPE
898       SYNTAX Integer32 (1..300000)
899       MAX-ACCESS read-create
900       STATUS current
901       DESCRIPTION
902           "This object represents the limit number of the
903           port usage."
904       ::= { dslitePortLimitEntry 3 }

906   dslitePortLimitStorageType OBJECT-TYPE
907       SYNTAX StorageType
908       MAX-ACCESS read-create
909       STATUS current
910       DESCRIPTION
911           "The storage type for this conceptual row. Conceptual
912           rows having the value 'permanent' need not allow
913           write-access to any columnar objects in the row."
914       ::= { dslitePortLimitEntry 4 }

916   dslitePortLimitRowStatus OBJECT-TYPE
917       SYNTAX RowStatus
918       MAX-ACCESS read-create
919       STATUS current
920       DESCRIPTION
921           "Create or delete table row."
922          ::= { dslitePortLimitEntry 5 }

924      dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 }

926      dsliteAFTRAlarmB4Addr OBJECT-TYPE
927          SYNTAX dsliteTunnelStartAddress
928          MAX-ACCESS accessible-for-notify
929          STATUS current
930          DESCRIPTION
931             "This object indicates the IP address of
932              the B4 that sends the alarm."
933          ::= { dsliteAFTRAlarmScalar 1 }

935      dsliteAFTRAlarmProtocolType OBJECT-TYPE
936          SYNTAX DisplayString
937          MAX-ACCESS accessible-for-notify
938          STATUS current
939          DESCRIPTION
940             "This object indicates the protocol type of the alarm,
941              0:tcp,1:udp,2:icmp,3:total"
942          ::= { dsliteAFTRAlarmScalar 2 }

944      dsliteAFTRAlarmMapAddrName OBJECT-TYPE
945          SYNTAX DisplayString
946          MAX-ACCESS accessible-for-notify
947          STATUS current
948          DESCRIPTION
949             "This object indicates the name of dsliteNATMapAddrName"
950          ::= { dsliteAFTRAlarmScalar 3 }

952      dsliteAFTRAlarmSpecificIP OBJECT-TYPE
953          SYNTAX DisplayString
954          MAX-ACCESS accessible-for-notify
955          STATUS current
956          DESCRIPTION
957             "This object indicates the IP address whose port usage
958              reaches the threshold."
959          ::= { dsliteAFTRAlarmScalar 4 }

961      dsliteAFTRAlarmConnectNumber OBJECT-TYPE
962          SYNTAX Integer32 (60..90)
963          MAX-ACCESS read-write
964          STATUS current
965          DESCRIPTION
966             "This object indicates the threshold of the DS-Lite
967              connections alarm."
968          ::= { dsliteAFTRAlarmScalar 5 }

970      dsliteStatisticTable OBJECT-TYPE
971          SYNTAX SEQUENCE OF dsliteStatisticEntry
972          MAX-ACCESS not-accessible
973          STATUS current
974          DESCRIPTION
975             "This table provides statistical information
976              of DS-Lite."
977          ::= { dsliteInfo 4 }

979      dsliteStatisticEntry OBJECT-TYPE
980          SYNTAX dsliteStatisticEntry
981          MAX-ACCESS not-accessible
982          STATUS current
983          DESCRIPTION
984             "This table provides statistical information
985              of DS-Lite."
986          INDEX { dsliteStatisticInstanceName }
987          ::= { dsliteStatisticTable 1 }

989      dsliteStatisticEntry ::=
990          SEQUENCE {
991             dsliteStatisticInstanceName   DisplayString,
992             dsliteStatisticDiscard        Counter64,
993             dsliteStatisticReceived       Counter64,
994             dsliteStatisticTransmitted    Counter64,
995             dsliteStatisticIpv4Session    Counter64,
996             dsliteStatisticIpv6Session    Counter64,
997             dsliteStatisticStorageType    StorageType,
998             dsliteStatisticRowStatus      RowStatus
999          }

1001     dsliteStatisticInstanceName OBJECT-TYPE
1002         SYNTAX DisplayString (SIZE (1..31))
1003         MAX-ACCESS read-only
1004         STATUS current
1005         DESCRIPTION
1006            "This object indicates the instance name
1007             that is limited."
1008         ::= { dsliteStatisticEntry 1 }

1010     dsliteStatisticDiscard OBJECT-TYPE
1011         SYNTAX Counter64
1012         MAX-ACCESS read-create
1013         STATUS current
1014         DESCRIPTION
1015            "This object indicates the number of
1016             discarded packets."
1017         ::= { dsliteStatisticEntry 2 }

1019     dsliteStatisticReceived OBJECT-TYPE
1020         SYNTAX Counter64
1021         MAX-ACCESS read-create
1022         STATUS current
1023         DESCRIPTION
1024            "This object indicates the number of
1025             received packets."
1026         ::= { dsliteStatisticEntry 3 }

1028     dsliteStatisticTransmitted OBJECT-TYPE
1029         SYNTAX Counter64
1030         MAX-ACCESS read-create
1031         STATUS current
1032         DESCRIPTION
1033            "This object indicates the number of
1034             transmitted packets."
1035         ::= { dsliteStatisticEntry 4 }

1037     dsliteStatisticIpv4Session OBJECT-TYPE
1038         SYNTAX Counter64
1039         MAX-ACCESS read-create
1040         STATUS current
1041         DESCRIPTION
1042            "This object indicates the number of
1043             current IPv4 sessions."
1044         ::= { dsliteStatisticEntry 5 }

1046     dsliteStatisticIpv6Session OBJECT-TYPE
1047         SYNTAX Counter64
1048         MAX-ACCESS read-create
1049         STATUS current
1050         DESCRIPTION
1051            "This object indicates the number of
1052             current IPv6 sessions."
1053         ::= { dsliteStatisticEntry 6 }

1055     dsliteStatisticRowStatus OBJECT-TYPE
1056         SYNTAX RowStatus
1057         MAX-ACCESS read-create
1058         STATUS current
1059         DESCRIPTION
1060            "Create or delete table row."
1061         ::= { dsliteStatisticEntry 7 }

1063     ---dslite trap

1065     dsliteTunnelNumAlarm NOTIFICATION-TYPE
1066         STATUS current
1067         DESCRIPTION
1068            "This trap is triggered when the number of DS-Lite
1069             tunnels reaches the threshold."
1070         ::= { dsliteTraps 1 }

1072     dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
1073         OBJECTS { dsliteAFTRAlarmProtocolType,
1074                   dsliteAFTRAlarmB4Addr }
1075         STATUS current
1076         DESCRIPTION
1077            "This trap is triggered when the sessions of
1078             a user reach the threshold."
1079         ::= { dsliteTraps 2 }

1081     dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
1082         OBJECTS { dsliteAFTRAlarmMapAddrName,
1083                   dsliteAFTRAlarmSpecificIP }
1084         STATUS current
1085         DESCRIPTION
1086            "This trap is triggered when the used NAT
1087             ports of a map address reach the threshold."
1088         ::= { dsliteTraps 3 }

1090     --Module Conformance statement

1092     dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

1094     dsliteCompliance MODULE-COMPLIANCE
1095         STATUS current
1096         DESCRIPTION
1097            "Description."

1099         MODULE -- this module
1100         MANDATORY-GROUPS { dsliteNATMapGroup,
1101                            dsliteTunnelGroup }
1102         ::= { dsliteCompliances 1 }

1104     dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

1106     dsliteAFTRAlarmScalarGroup OBJECT-GROUP
1107         OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
1108                   dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
1109                   dsliteAFTRAlarmConnectNumber }
1110         STATUS current
1111         DESCRIPTION
1112            "This collection of objects is used to give
1113             information about the AFTR alarm scalars."
1114         ::= { dsliteGroups 1 }

1116     dsliteNATMapGroup OBJECT-GROUP
1117         OBJECTS { dsliteNATMapIndex, dsliteNATMapAddrName,
1118                   dsliteNATMapEntryType, dsliteNATMapLocalAddrFrom,
1119                   dsliteNATMapLocalAddrTo, dsliteNATMapLocalPortFrom,
1120                   dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1121                   dsliteNATMapGlobalAddrTo, dsliteNATMapGlobalPortFrom,
1122                   dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed,
1123                   dsliteNATMapStorageType, dsliteNATMapRowStatus }
1124         STATUS current
1125         DESCRIPTION
1126            "This collection of objects is used to give
1127             information about NAT address mapping."
1128         ::= { dsliteGroups 2 }

1130     dsliteTunnelGroup OBJECT-GROUP
1131         OBJECTS { dsliteTunnelStartAddress, dsliteTunnelStartAddPreLen,
1132                   dsliteTunnelEndAddress,
1133                   dsliteTunnelStatus,
1134                   dsliteTunnelStorageType }
1135         STATUS current
1136         DESCRIPTION
1137            "This collection of objects is used to give
1138             information about tunnels in DS-Lite."
1139         ::= { dsliteGroups 3 }

1141     dsliteNATBindGroup OBJECT-GROUP
1142         OBJECTS { dsliteNATBindLocalAddr, dsliteNATBindLocalPort,
1143                   dsliteNATBindGlobalAddr, dsliteNATBindGlobalPort,
1144                   dsliteNATBindId, dsliteB4Addr, dsliteB4PreLen,
1145                   dsliteNATBindMapIndex, dsliteNATBindSessions,
1146                   dsliteNATBindMaxIdleTime,
1147                   dsliteNATBindCurrentIdleTime,
1148                   dsliteNATBindInTranslates,
1149                   dsliteNATBindOutTranslates }
1150         STATUS current
1151         DESCRIPTION
1152            "This collection of objects is used to give
1153             information about NAT binds."
1154         ::= { dsliteGroups 4 }

1156     dsliteSessionLimitGroup OBJECT-GROUP
1157         OBJECTS { dsliteSessionLimitInstanceName,
1158                   dsliteSessionLimitType, dsliteSessionLimitNumber,
1159                   dsliteSessionLimitStorageType,
1160                   dsliteSessionLimitRowStatus }
1161         STATUS current
1162         DESCRIPTION
1163            "This collection of objects is used to give
1164             information about session limits."
1165         ::= { dsliteGroups 5 }

1167     dslitePortLimitGroup OBJECT-GROUP
1168         OBJECTS { dslitePortLimitInstanceName,
1169                   dslitePortLimitType, dslitePortLimitNumber,
1170                   dslitePortLimitStorageType,
1171                   dslitePortLimitRowStatus }
1172         STATUS current
1173         DESCRIPTION
1174            "This collection of objects is used to give
1175             information about port limits."
1176         ::= { dsliteGroups 6 }

1178     dsliteStatisticGroup OBJECT-GROUP
1179         OBJECTS { dsliteStatisticInstanceName,
1180                   dsliteStatisticDiscard,
1181                   dsliteStatisticReceived,
1182                   dsliteStatisticTransmitted,
1183                   dsliteStatisticIpv4Session,
1184                   dsliteStatisticIpv6Session,
1185                   dsliteStatisticStorageType,
1186                   dsliteStatisticRowStatus }
1187         STATUS current
1188         DESCRIPTION
1189            "This collection of objects is used to give
1190             statistical information about DS-Lite."
1191         ::= { dsliteGroups 7 }

1193     dsliteTrapsGroup NOTIFICATION-GROUP
1194         NOTIFICATIONS { dsliteTunnelNumAlarm,
1195                         dsliteAFTRUserSessionNumAlarm,
1196                         dsliteAFTRPortUsageOfSpecificIpAlarm }
1197         STATUS current
1198         DESCRIPTION
1199            "This collection of notifications is used to give
1200             trap information about DS-Lite."
1201         ::= { dsliteGroups 8 }

1203     END

1205  9. Extending this MIB for Gateway Initiated Dual-Stack Lite

1207     Similar to DS-lite, GI-DS-lite enables the service provider to
1208     share public IPv4 addresses among different customers by combining
1209     tunneling and NAT. GI-DS-lite extends existing access tunnels
1210     beyond the access gateway to an IPv4-IPv4 NAT using softwires with
1211     an embedded context identifier that uniquely identifies the end host
1212     the tunneled packets belong to. The MIB defined in this document can
1213     easily be extended for use in the GI-DS-Lite scenario. A new object
1214     for the CID SHOULD be added to the dsliteTunnelTable, and a new
1215     object, dsliteTunnelID, can be defined in the DS-Lite MIB as the SWID
1216     in GI-DS-Lite. Both CID and SWID SHOULD be added to the dsliteNATBindTable.
1217     It will use the combination of CID and SWID as the unique identifier for
1218     the end host and store it in the NAT binding entry.

1220  10. IANA Considerations

1222     The MIB module in this document uses the following IANA-assigned
1223     OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
1224     the following IANA-assigned tunnelType values recorded in the
1225     IANAtunnelType-MIB registry:

1227     Descriptor        OBJECT IDENTIFIER value
1228     ----------        -----------------------
1229     DSLite-MIB        { transmission XXX }

1231     IANAtunnelType ::= TEXTUAL-CONVENTION

1233         SYNTAX     INTEGER {

1235              dsLite ("XX")        -- dslite tunnel

1237              }

1239     Note: Appendix A of the IP Tunnel MIB [RFC4087] has already
1240     assigned the value direct(2) to indicate that the tunnel
1241     type is IP in IP tunnel, but it is still difficult to distinguish
1242     DS-Lite tunnel packets from normal IP in IP tunnel packets in the
1243     scenario where the AFTR connects to both a DS-Lite tunnel and an IP in
1244     IP tunnel.

1246  11. Security Considerations

1248     The DS-Lite MIB module can be used for configuration of certain
1249     objects, and anything that can be configured can be incorrectly
1250     configured, with potentially disastrous results. Because this MIB
1251     module reuses the IP Tunnel MIB and the NAT MIB, the security
1252     considerations for these MIBs are also applicable to the DS-Lite MIB.

1254     Unauthorized read access to dsliteTunnelEndAddress, or any object in
1255     the dsliteBindRelationTable or dslitePortBindRelationTable, would
1256     reveal mapping information.

1258     SNMP versions prior to SNMPv3 did not include adequate security.
1259     Even if the network itself is secure (for example by using IPsec),
1260     there is no control as to who on the secure network is
1261     allowed to access and GET/SET (read/change/create/delete) the objects
1262     in this MIB module.
1264     It is RECOMMENDED that implementers consider the security features as
1265     provided by the SNMPv3 framework (see [RFC3410], section 8),
1266     including full support for the SNMPv3 cryptographic mechanisms (for
1267     authentication and privacy).

1269     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1270     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1271     enable cryptographic security. It is then a customer/operator
1272     responsibility to ensure that the SNMP entity giving access to an
1273     instance of this MIB module is properly configured to give access to
1274     the objects only to those principals (users) that have legitimate
1275     rights to indeed GET or SET (change/create/delete) them.

1277  12. References

1279  12.1. Normative References

1281     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1282               Requirement Levels", BCP 14, RFC 2119, March 1997.

1284     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1285               "Structure of Management Information Version 2 (SMIv2)",
1286               RFC 2578, April 1999.

1288     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1289               Conventions for SMIv2", RFC 2579, April 1999.

1291     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1292               "Conformance Statements for SMIv2", RFC 2580, April 1999.

1294     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1295               MIB", RFC 2863, June 2000.

1297     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1298               Architecture for Describing Simple Network Management
1299               Protocol (SNMP) Management Frameworks", RFC 3411, December
1300               2002.

1302     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1303               Schoenwaelder, "Textual Conventions for Internet Network
1304               Addresses", RFC 4001, February 2005.

1306     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1307               Wang, C., "Definitions of Managed Objects for Network
1308               Address Translators (NAT)", RFC 4008, March 2005.
1310     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1312     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1313               Stack Lite Broadband Deployments Following IPv4
1314               Exhaustion", RFC 6333, August 2011.

1316  12.2. Informative References

1318     [I-D.ietf-softwire-gateway-init-ds-lite]
1319               Brockners, F., Gundavelli, S., Speicher, S., and D. Ward,
1320               "Gateway Initiated Dual-Stack Lite Deployment",
1321               draft-ietf-softwire-gateway-init-ds-lite-08 (work in
1322               progress), July 2011.

1324     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1325               "Introduction and Applicability Statements for Internet-
1326               Standard Management Framework", RFC 3410, December 2002.

1328  Author's Addresses

1330     Yu Fu
1331     Huawei Technologies Co., Ltd
1332     Huawei Building, 156 Beiqing Rd.,
1333     Hai-Dian District, Beijing 100095
1334     P.R. China
1335     Email: eleven.fuyu@huawei.com

1337     Sheng Jiang
1338     Huawei Technologies Co., Ltd
1339     Huawei Building, 156 Beiqing Rd.,
1340     Hai-Dian District, Beijing 100095
1341     P.R. China
1342     Email: jiangsheng@huawei.com

1344     Jiang Dong
1345     Tsinghua University
1346     Department of Computer Science, Tsinghua University
1347     Beijing 100084
1348     P.R. China
1349     Email: dongjiang@csnet1.cs.tsinghua.edu.cn

1351     Yuchi Chen
1352     Tsinghua University
1353     Department of Computer Science, Tsinghua University
1354     Beijing 100084
1355     P.R. China
1356     Email: flashfoxmx@gmail.com
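
Added example for Section 11 (Security Considerations), not part of the draft: an audit of an agent configuration that flags the access paths the section warns about, namely pre-SNMPv3 community access and SNMPv3 users admitted without authentication and privacy, plus write access that is not scoped to a view. It assumes Net-SNMP snmpd.conf syntax; the sample configuration, the user and view names, and the function name audit_snmpd_conf are constructed for illustration.

```python
# Constructed sample in Net-SNMP snmpd.conf syntax; all names are illustrative.
SAMPLE_CONF = """\
# agent on an AFTR exposing the DS-Lite MIB
rocommunity public 192.0.2.0/24
rwcommunity private
rouser nmsRead priv
rwuser nmsOps auth
rwuser nmsAdmin priv -V dsliteView
rouser legacy noauth
"""

# Directives that admit SNMPv1/v2c requests by community string.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}
LEVELS = ("noauth", "auth", "priv")


def audit_snmpd_conf(text):
    """Return (line number, finding code) pairs for risky access directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            # Pre-SNMPv3 access: no cryptographic authentication or privacy.
            findings.append((lineno, "pre-v3-community"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:              # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            rest = args[1:]                     # tokens after the user name
            has_level = bool(rest) and rest[0] in LEVELS
            # Net-SNMP applies "auth" when no security level is given.
            level = rest[0] if has_level else "auth"
            scope = rest[1:] if has_level else rest
            if level == "noauth":
                findings.append((lineno, "v3-no-authentication"))
            elif level == "auth":
                # Authenticated but unencrypted: mapping data is readable
                # on the wire.
                findings.append((lineno, "v3-no-privacy"))
            if directive == "rwuser" and not scope:
                # SET access to the whole tree, including the read-create
                # session and port limit objects.
                findings.append((lineno, "write-not-scoped-to-view"))
    return findings


if __name__ == "__main__":
    for lineno, code in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {code}")
```

Only nmsRead and nmsAdmin pass: both require the priv level, and the read-write user is restricted to a named view.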