idnits 2.17.1 draft-ietf-softwire-dslite-mib-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but does not include the phrase in its RFC 2119 key words list. -- The document date (February 25, 2013) is 4078 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'RFC 6333' is mentioned on line 77, but not defined == Missing Reference: 'RFC 6674' is mentioned on line 150, but not defined == Unused Reference: 'RFC6333' is defined on line 1189, but no explicit reference was found in the text == Unused Reference: 'RFC6674' is defined on line 1193, but no explicit reference was found in the text ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658) Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Softwire Y. Fu 2 Internet Draft S. 
Jiang 3 Intended status: Standards Track Huawei Technologies Co., Ltd 4 Expires: August 29, 2013 J. Dong 5 Y. Chen 6 Tsinghua University 7 February 25, 2013 9 DS-Lite Management Information Base (MIB) 10 draft-ietf-softwire-dslite-mib-02 12 Status of this Memo 14 This Internet-Draft is submitted in full conformance with the 15 provisions of BCP 78 and BCP 79. 17 Internet-Drafts are working documents of the Internet Engineering 18 Task Force (IETF). Note that other groups may also distribute working 19 documents as Internet-Drafts. The list of current Internet-Drafts is 20 at http://datatracker.ietf.org/drafts/current/. 22 Internet-Drafts are draft documents valid for a maximum of six months 23 and may be updated, replaced, or obsoleted by other documents at any 24 time. It is inappropriate to use Internet-Drafts as reference 25 material or to cite them other than as "work in progress." 27 This Internet-Draft will expire on August 29, 2013. 29 Copyright Notice 31 Copyright (c) 2013 IETF Trust and the persons identified as the 32 document authors. All rights reserved. 34 This document is subject to BCP 78 and the IETF Trust's Legal 35 Provisions Relating to IETF Documents 36 (http://trustee.ietf.org/license-info) in effect on the date of 37 publication of this document. Please review these documents 38 carefully, as they describe your rights and restrictions with respect 39 to this document. Code Components extracted from this document must 40 include Simplified BSD License text as described in Section 4.e of 41 the Trust Legal Provisions and are provided without warranty as 42 described in the Simplified BSD License. 44 Abstract 46 This memo defines a portion of the Management Information Base (MIB) for 47 using with network management protocols in the Internet community. In 48 particular, it defines managed objects for DS-Lite. 50 Table of Contents 52 1. Introduction ................................................. 3 53 2. 
The Internet-Standard Management Framework ................... 3 54 3. Terminology .................................................. 3 55 4. Difference from the IP tunnel MIB and NAT MIB ................ 3 56 5. Relationship to the IF-MIB ................................... 5 57 6. Structure of the MIB Module .................................. 5 58 6.1. The Object Group ........................................ 5 59 6.1.1. The dsliteTunnel Subtree ........................... 5 60 6.1.2. The dsliteNAT Subtree .............................. 5 61 6.1.3. The dsliteInfo Subtree ............................. 6 62 6.2. The Notification Group .................................. 6 63 6.2.1. The dsliteTrap Subtree ............................. 6 64 6.3. The Conformance Group ................................... 6 65 7. MIB modules required for IMPORTS ............................. 6 66 8. Definitions .................................................. 6 67 9. Extending this MIB for Gateway Initiated Dual-Stack Lite..... 24 68 10. IANA Considerations......................................... 24 69 11. Security Considerations .................................... 25 70 12. References ................................................. 26 71 12.1. Normative References .................................. 26 72 12.2. Informative References ................................ 27 73 Author's Addresses ............................................. 27 75 1. Introduction 77 Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6 78 connectivity to customers crossing IPv6 only infrastructure. One of 79 its key components is an IPv4-over-IPv6 tunnel, which is used to 80 provide IPv4 connection across service provider's IPv6 network. 81 Another key component is a carrier-grade IPv4-IPv4 NAT to share 82 service provider IPv4 addresses among customers. 
84 This document defines a portion of the Management Information Base 85 (MIB) for use with network management protocols in the Internet 86 community. This MIB module may be used for configuring and 87 monitoring the devices in the Dual-Stack Lite scenario. 88 This MIB can also be extended for Gateway 89 Initiated Dual-Stack Lite [RFC 6674]. 91 2. The Internet-Standard Management Framework 93 For a detailed overview of the documents that describe the current 94 Internet-Standard Management Framework, please refer to section 7 of 95 [RFC3410]. 97 Managed objects are accessed via a virtual information store, termed 98 the MIB. MIB objects are generally accessed through the Simple 99 Network Management Protocol (SNMP). 101 Objects in the MIB are defined using the mechanisms defined in the 102 Structure of Management Information (SMI). This memo specifies a MIB 103 module that is compliant with the SMIv2, which is described in 104 [RFC2578], [RFC2579] and [RFC2580]. 106 3. Terminology 108 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 109 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 110 document are to be interpreted as described in [RFC2119]. 112 4. Difference from the IP tunnel MIB and NAT MIB 114 The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnel 115 and NAT (IPv4 to IPv4 translation). 117 Notes: According to Section 5.2 of RFC6333, DS-Lite only defines 118 IPv4 in IPv6 tunnels at this moment, but other types of encapsulation 119 could be defined in the future. So this DS-Lite MIB only supports IP 120 in IP encapsulation; if RFC6333 defines other tunnel types in the 121 future, this DS-Lite MIB will be updated then. 123 The NAT-MIB [RFC4008] is designed to carry translation from any 124 address family to any address family, therefore it supports IPv4 to 125 IPv4 translation. 
127 The tunnel MIB [RFC4087] is designed for managing tunnels of any type 128 over IPv4 and IPv6 networks, therefore it supports IP in IP tunnels. 130 However, NAT MIB and tunnel MIB together are not sufficient to 131 support DS-Lite. This document describes the specific MIB 132 requirements for DS-Lite, as below. 134 In the DS-Lite scenario, the tunnel type is IP in IP, more 135 precisely, IPv4 in IPv6. Therefore, it is unnecessary to 136 describe tunnel type in DS-Lite MIB. 138 In the DS-Lite scenario, the translation type is IPv4 private 139 address to IPv4 public address. Therefore, it is unnecessary to 140 describe the type of address in the corresponding 141 tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects 142 which are defined in tunnel MIB for DS-Lite MIB. 144 In the DS-Lite scenario, the AFTR is not only the tunnel end 145 concentrator, but also a 4-4 translator. Within the AFTR, 146 tunnel information and translation information MUST be mapped 147 to each other. Two independent MIBs are not able to reflect this 148 mapping relationship. Therefore, a combined MIB is necessary. 150 If the Gateway Initiated Dual-Stack Lite scenario [RFC 6674] is 151 required, the MIB defined in this document could be easily 152 extended for GI-DS-Lite. CID (Context Identifier) can be 153 extended to the tunnel MIB to identify the access devices 154 which have the same IPv4 address. And both CID and SWID 155 (Softwire Identifier) can be extended to the NAT MIB for 156 performing the NAT binding look up. 158 The implementation of the IP Tunnel MIB is required for DS-Lite. The 159 tunnelIfEncapsMethod in the tunnelIfEntry should be set to 160 dsLite("xx"), and a corresponding entry in the DS-Lite module will 161 exist for every tunnelIfEntry with this tunnelIfEncapsMethod. The 162 tunnelIfRemoteInetAddress must be set to "::". 164 5. Relationship to the IF-MIB 166 The Interfaces MIB [RFC2863] defines generic managed objects for 167 managing interfaces. 
Each logical interface (physical or virtual) has 168 an ifEntry. Tunnels are handled by creating a logical interface 169 (ifEntry) for each tunnel. A DS-Lite tunnel also acts as a virtual 170 interface, which has corresponding entries in IP Tunnel MIB and 171 Interface MIB. Those corresponding entries are indexed by ifIndex. 173 The ifOperStatus in ifTable would be used to represent whether the 174 DS-Lite tunnel function has been originated. The ifInUcastPkts 175 defined in ifTable will represent the number of IPv4 packets which 176 have been encapsulated into IPv6 packets sent to B4. The 177 ifOutUcastPkts defined in ifTable contains the number of IPv6 packets 178 which can be decapsulated to IPv4 in the virtual interface. Also, the 179 IF-MIB defines ifMtu for the MTU of this tunnel interface, so DS-Lite 180 MIB does not need to define the MTU for tunnel. 182 6. Structure of the MIB Module 184 The DS-Lite MIB provides a way to monitor and manage the devices 185 (AFTRs) in the DS-Lite scenario through SNMP. 187 DS-Lite MIB is configurable on a per-interface basis. It depends on 188 several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT 189 MIB [RFC4008]. 191 6.1. The Object Group 193 This Group defines objects which are needed for DS-Lite MIB. 195 6.1.1. The dsliteTunnel Subtree 197 The dsliteTunnel subtree describes managed objects used for managing 198 tunnels in the DS-Lite scenario. Because some objects defined in 199 Tunnel MIB are not accessible, a few new objects are defined in DS-Lite 200 MIB. 202 6.1.2. The dsliteNAT Subtree 204 The dsliteNAT Subtree describes managed objects used for 205 configuration as well as monitoring of an AFTR which is capable of the NAT 206 function. Because the NAT MIB supports the NAT management function in 207 DS-Lite, we may reuse it in DS-Lite MIB. 
The dsliteNAT Subtree also 208 provides the information of mapping relationship between the tunnel 209 MIB and NAT MIB by extending the IPv6 address of B4 to the bind table 210 in NAT MIB. 212 6.1.3. The dsliteInfo Subtree 214 The dsliteInfo Subtree provides the statistical information for DS- 215 lite. 217 6.2. The Notification Group 219 This Group defines some notification objects for DS-Lite MIB. 221 6.2.1. The dsliteTrap Subtree 223 The dsliteTrap Subtree provides trap information in DS-Lite instance. 225 6.3. The Conformance Group 227 The dsliteConformance Subtree provides conformance information of MIB 228 objects. 230 7. MIB modules required for IMPORTS 232 This MIB module IMPORTs objects from [RFC4008], [RFC2580], [RFC2578], 233 [RFC2863], [RFC4001], [RFC3411]. 235 8. Definitions 237 DSLite-MIB DEFINITIONS ::= BEGIN 239 IMPORTS 240 MODULE-IDENTITY, OBJECT-TYPE, transmission, 241 NOTIFICATION-TYPE,Gauge32,TimeTicks, 242 Integer32, Counter64 243 FROM SNMPv2-SMI 245 OBJECT-GROUP, MODULE-COMPLIANCE, 246 NOTIFICATION-GROUP 247 FROM SNMPv2-CONF 249 RowStatus, StorageType, DisplayString 250 FROM SNMPv2-TC 252 ifIndex, InterfaceIndexOrZero 253 FROM IF-MIB 255 IANAtunnelType 256 FROM IANAifType-MIB 258 InetAddress, InetAddressIPv6, InetPortNumber 259 FROM INET-ADDRESS-MIB 261 NatAddrMapId, NatBindId 262 FROM NAT-MIB; 264 dsliteMIB MODULE-IDENTITY 265 LAST-UPDATED "201302250000Z" -- Feb 25, 2013 266 ORGANIZATION "IETF Softwire Working Group" 267 CONTACT-INFO 268 "Yu Fu 269 Huawei Technologies Co., Ltd 270 Huawei Building, 156 Beiqing Rd., Hai-Dian District 271 Beijing, P.R. China 100095 272 EMail: eleven.fuyu@huawei.com 274 Sheng Jiang 275 Huawei Technologies Co., Ltd 276 Huawei Building, 156 Beiqing Rd., Hai-Dian District 277 Beijing, P.R. China 100095 278 EMail: jiangsheng@huawei.com 280 Jiang Dong 281 Tsinghua University 282 Department of Computer Science, Tsinghua University 283 Beijing 100084 284 P.R. 
China 285 Email: dongjiang @csnet1.cs.tsinghua.edu.cn 287 Yuchi Chen 288 Tsinghua University 289 Department of Computer Science, Tsinghua University 290 Beijing 100084 291 P.R. China 292 Email: flashfoxmx@gmail.com " 294 DESCRIPTION 295 "The MIB module is defined for management of object in the 296 DS-Lite scenario. " 297 REVISION "201302250000Z" 298 DESCRIPTION 299 "Initial version. Published as RFC xxxx." 300 --RFC Ed.: RFC-edtitor pls fill in xxxx 301 ::= { transmission xxx } 302 --RFC Ed.: assigned by IANA, see section 10 for details 303 --Top level components of this MIB module 305 dsliteMIBObjects OBJECT IDENTIFIER 306 ::= { dsliteMIB 1 } 308 dsliteTunnel OBJECT IDENTIFIER 309 ::= { dsliteMIBObjects 1 } 311 dsliteNAT OBJECT IDENTIFIER 312 ::= { dsliteMIBObjects 2 } 314 dsliteInfo OBJECT IDENTIFIER 315 ::= { dsliteMIBObjects 3 } 317 --Notifications section 319 dsliteTraps OBJECT IDENTIFIER 320 ::= { dsliteMIB 2 } 322 --Conformance 324 dsliteConformance OBJECT IDENTIFIER 325 ::= { dsliteMIB 3 } 327 --dsliteTunnel 329 --dsliteTunnelTable 331 dsliteTunnelTable OBJECT-TYPE 332 SYNTAX SEQUENCE OF DsliteTunnelEntry 333 MAX-ACCESS not-accessible 334 STATUS current 335 DESCRIPTION 336 "The (conceptual) table containing information on configured 337 tunnels. This table can be used to map CPE address to the 338 associated AFTR address. It can also be used for row 339 creation." 340 ::= { dsliteTunnel 1 } 342 dsliteTunnelEntry OBJECT-TYPE 343 SYNTAX DsliteTunnelEntry 344 MAX-ACCESS not-accessible 345 STATUS current 346 DESCRIPTION 347 "Each entry in this table contains the information on a 348 particular configured tunnel." 
349 INDEX { dsliteTunnelStartAddress, 350 dsliteTunnelEndAddress, 351 ifIndex } 352 ::= { dsliteTunnelTable 1 } 354 DsliteTunnelEntry ::= 355 SEQUENCE { 356 dsliteTunnelStartAddress InetAddressIPv6, 357 dsliteTunnelStartAddPreLen Integer32, 358 dsliteTunnelEndAddress InetAddressIPv6 359 } 361 dsliteTunnelStartAddress OBJECT-TYPE 362 SYNTAX InetAddressIPv6 363 MAX-ACCESS read-create 364 STATUS current 365 DESCRIPTION 366 "The address of the start point of the tunnel." 367 ::= { dsliteTunnelEntry 1 } 369 dsliteTunnelStartAddPreLen OBJECT-TYPE 370 SYNTAX Integer32 (0..128) 371 MAX-ACCESS read-create 372 STATUS current 373 DESCRIPTION 374 "IPv6 prefix length of the IP address of the 375 start point of the tunnel." 376 ::= { dsliteTunnelEntry 2 } 378 dsliteTunnelEndAddress OBJECT-TYPE 379 SYNTAX InetAddressIPv6 380 MAX-ACCESS read-create 381 STATUS current 382 DESCRIPTION 383 "The address of the endpoint of the tunnel." 384 ::= { dsliteTunnelEntry 3 } 386 --dsliteNAT 387 --dsliteNATMapTable(define address pool) 388 --dsliteNATBindTable(NAPT) 390 dsliteNATMapTable OBJECT-TYPE 391 SYNTAX SEQUENCE OF DsliteNATMapEntry 392 MAX-ACCESS not-accessible 393 STATUS current 394 DESCRIPTION 395 "This table contains information about address map 396 parameters." 397 ::= { dsliteNAT 1 } 399 dsliteNATMapEntry OBJECT-TYPE 400 SYNTAX DsliteNATMapEntry 401 MAX-ACCESS not-accessible 402 STATUS current 403 DESCRIPTION 404 " This entry represents an address map to be used for 405 NAT and contributes to the address mapping tables of 406 AFTR." 
407 INDEX { ifIndex, 408 dsliteNATMapIndex } 409 ::= { dsliteNATMapTable 1 } 411 DsliteNATMapEntry ::= 412 SEQUENCE { 413 dsliteNATMapIndex NatAddrMapId, 414 dsliteNATMapLocalAddrFrom InetAddress, 415 dsliteNATMapLocalAddrTo InetAddress, 416 dsliteNATMapLocalPortFrom InetPortNumber, 417 dsliteNATMapLocalPortTo InetPortNumber, 418 dsliteNATMapGlobalAddrFrom InetAddress, 419 dsliteNATMapGlobalAddrTo InetAddress, 420 dsliteNATMapGlobalPortFrom InetPortNumber, 421 dsliteNATMapGlobalPortTo InetPortNumber, 422 dsliteNATMapAddrUsed Gauge32 423 } 425 dsliteNATMapIndex OBJECT-TYPE 426 SYNTAX NatAddrMapId 427 MAX-ACCESS not-accessible 428 STATUS current 429 DESCRIPTION 430 "Along with ifIndex, this object uniquely 431 identifies an entry in the dsliteNATMapTable. 432 Address map entries are applied in the order 433 specified by dsliteNATMapIndex." 434 ::= { dsliteNATMapEntry 1 } 436 dsliteNATMapLocalAddrFrom OBJECT-TYPE 437 SYNTAX InetAddress 438 MAX-ACCESS read-create 439 STATUS current 440 DESCRIPTION 441 "This object specifies the first IP address of the range 442 of IP addresses mapped by this translation entry. 444 The value of this object must be less than or 445 equal to the value of the dsliteNATMapLocalAddrTo 446 object." 447 ::= { dsliteNATMapEntry 2 } 449 dsliteNATMapLocalAddrTo OBJECT-TYPE 450 SYNTAX InetAddress 451 MAX-ACCESS read-create 452 STATUS current 453 DESCRIPTION 454 "This object specifies the last IP address of the range of 455 IP addresses mapped by this translation entry. If only 456 a single address is being mapped, the value of this 457 object is equal to the value of natAddrMapLocalAddrFrom. 458 The value of this object must be greater than or equal to 459 the value of the natAddrMapLocalAddrFrom object." 
460 ::= { dsliteNATMapEntry 3 } 462 dsliteNATMapLocalPortFrom OBJECT-TYPE 463 SYNTAX InetPortNumber 464 MAX-ACCESS read-create 465 STATUS current 466 DESCRIPTION 467 "The value of this object must be less than or equal 468 to the value of the dsliteNATMapLocalPortTo object. 469 If the translation specifies a single port, then the 470 value of this object is equal to the value of 471 dsliteNATMapLocalPortTo." 472 DEFVAL { 0 } 473 ::= { dsliteNATMapEntry 4 } 475 dsliteNATMapLocalPortTo OBJECT-TYPE 476 SYNTAX InetPortNumber 477 MAX-ACCESS read-create 478 STATUS current 479 DESCRIPTION 480 "The value of this object must be greater than or equal 481 to the value of the dsliteNATMapLocalPortFrom object. 482 If the translation specifies a single port, then 483 the value of this object is equal to the value of 484 dsliteNATMapLocalPortFrom." 485 DEFVAL { 0 } 486 ::= { dsliteNATMapEntry 5 } 488 dsliteNATMapGlobalAddrFrom OBJECT-TYPE 489 SYNTAX InetAddress 490 MAX-ACCESS read-create 491 STATUS current 492 DESCRIPTION 493 "This object specifies the first IP address of 494 the range of IP addresses being mapped to. 495 The value of this object must be less than 496 or equal to the value of the 497 dsliteNATMapGlobalAddrTo object." 498 ::= { dsliteNATMapEntry 6 } 500 dsliteNATMapGlobalAddrTo OBJECT-TYPE 501 SYNTAX InetAddress 502 MAX-ACCESS read-create 503 STATUS current 504 DESCRIPTION 505 "This object specifies the last IP address of the range 506 of IP addresses being mapped to. If only a single 507 address is being mapped to, the value of this object 508 is equal to the value of dsliteNATMapGlobalAddrFrom. 509 The value of this object must be greater than or equal 510 to the value of the dsliteNATMapGlobalAddrFrom object." 
511 ::= { dsliteNATMapEntry 7 } 513 dsliteNATMapGlobalPortFrom OBJECT-TYPE 514 SYNTAX InetPortNumber 515 MAX-ACCESS read-create 516 STATUS current 517 DESCRIPTION 518 "The value of this object must be less than or equal 519 to the value of the dsliteNATMapGlobalPortTo object. 520 If the translation specifies a single port, then the 521 value of this object is equal to the value 522 dsliteNATMapGlobalPortTo." 523 DEFVAL { 0 } 524 ::= { dsliteNATMapEntry 8 } 526 dsliteNATMapGlobalPortTo OBJECT-TYPE 527 SYNTAX InetPortNumber 528 MAX-ACCESS read-create 529 STATUS current 530 DESCRIPTION 531 "The value of this object must be greater than or 532 equal to the value of the dsliteNATMapGlobalPortFrom 533 object. If the translation specifies a single port, 534 then the value of this object is equal to the 535 value of dsliteNATMapGlobalPortFrom." 536 DEFVAL { 0 } 537 ::= { dsliteNATMapEntry 9 } 539 dsliteNATMapAddrUsed OBJECT-TYPE 540 SYNTAX Gauge32 541 MAX-ACCESS read-only 542 STATUS current 543 DESCRIPTION 544 "The number of addresses pertaining to this address 545 map that are currently being used from the NAT pool." 546 ::= { dsliteNATMapEntry 10 } 548 dsliteNATBindTable OBJECT-TYPE 549 SYNTAX SEQUENCE OF DsliteNATBindEntry 550 MAX-ACCESS not-accessible 551 STATUS current 552 DESCRIPTION 553 "This table contains information about currently 554 active NAT binds in AFTR. This table extends the 555 natAddrPortBindTable designed in NAT MIB (RFC 556 4008) by IPv6 address of B4." 557 ::= { dsliteNAT 2 } 559 dsliteNATBindEntry OBJECT-TYPE 560 SYNTAX DsliteNATBindEntry 561 MAX-ACCESS not-accessible 562 STATUS current 563 DESCRIPTION 564 "Each entry in this table holds the relationship between 565 tunnel information and nat bind information. These entries 566 are lost upon agent restart." 
567 INDEX { ifIndex, 568 dsliteNATBindLocalAddr, 569 dsliteNATBindLocalPort, 570 dsliteTunnelStartAddress, 571 dsliteTunnelStartAddPreLen } 572 ::= { dsliteNATBindTable 1 } 574 DsliteNATBindEntry ::= 575 SEQUENCE { 576 dsliteNATBindLocalAddr InetAddress, 577 dsliteNATBindLocalPort InetPortNumber, 578 dsliteNATBindGlobalAddr InetAddress, 579 dsliteNATBindGlobalPort InetPortNumber, 580 dsliteNATBindId NatBindId, 581 dsliteNATBindMapIndex NatAddrMapId, 582 dsliteNATBindSessions Gauge32, 583 dsliteNATBindMaxIdleTime TimeTicks, 584 dsliteNATBindCurrentIdleTime TimeTicks, 585 dsliteNATBindInTranslates Counter64, 586 dsliteNATBindOutTranslates Counter64 587 } 589 dsliteNATBindLocalAddr OBJECT-TYPE 590 SYNTAX InetAddress 591 MAX-ACCESS not-accessible 592 STATUS current 593 DESCRIPTION 594 "This object represents the private IP address of host." 595 ::= { dsliteNATBindEntry 1 } 597 dsliteNATBindLocalPort OBJECT-TYPE 598 SYNTAX InetPortNumber 599 MAX-ACCESS not-accessible 600 STATUS current 601 DESCRIPTION 602 "For a protocol value TCP or UDP, this object represents 603 the private-realm specific port number. On the other 604 hand, for ICMP a bind is created only for query/response 605 type ICMP messages such as ICMP echo, Timestamp, and 606 Information request messages, and this object represents 607 the private-realm specific identifier in the ICMP 608 message, as defined in RFC 792 for ICMPv4." 609 ::= { dsliteNATBindEntry 2 } 611 dsliteNATBindGlobalAddr OBJECT-TYPE 612 SYNTAX InetAddress 613 MAX-ACCESS read-only 614 STATUS current 615 DESCRIPTION 616 "This object represents the public-realm IP 617 address of host." 618 ::= { dsliteNATBindEntry 3 } 620 dsliteNATBindGlobalPort OBJECT-TYPE 621 SYNTAX InetPortNumber 622 MAX-ACCESS read-only 623 STATUS current 624 DESCRIPTION 625 "For a protocol value TCP or UDP, this object represents 626 the public-realm specific port number. 
On the other 627 hand, for ICMP a bind is created only for query/response 628 type ICMP messages such as ICMP echo, Timestamp, and 629 Information request messages, and this object represents 630 the public-realm specific identifier in the ICMP 631 message, as defined in RFC 792 for ICMPv4." 632 ::= { dsliteNATBindEntry 4 } 634 dsliteNATBindId OBJECT-TYPE 635 SYNTAX NatBindId 636 MAX-ACCESS read-only 637 STATUS current 638 DESCRIPTION 639 "This object represents a bind id that is 640 dynamically assigned to each bind by AFTR. 641 Each bind is represented by a unique bind 642 id across the dsliteNATBindTable." 643 ::= { dsliteNATBindEntry 5 } 645 dsliteNATBindMapIndex OBJECT-TYPE 646 SYNTAX NatAddrMapId 647 MAX-ACCESS read-only 648 STATUS current 649 DESCRIPTION 650 "This object is a pointer to the dsliteNATMapTable 651 entry used in creating this BIND." 652 ::= { dsliteNATBindEntry 6 } 654 dsliteNATBindSessions OBJECT-TYPE 655 SYNTAX Gauge32 656 MAX-ACCESS read-only 657 STATUS current 658 DESCRIPTION 659 " This object represents the number of sessions currently 660 using this BIND." 661 ::= { dsliteNATBindEntry 7 } 663 dsliteNATBindMaxIdleTime OBJECT-TYPE 664 SYNTAX TimeTicks 665 MAX-ACCESS read-only 666 STATUS current 667 DESCRIPTION 668 "This object indicates the maximum time for 669 which this bind can be idle without any sessions 670 attached to it." 671 ::= { dsliteNATBindEntry 8 } 673 dsliteNATBindCurrentIdleTime OBJECT-TYPE 674 SYNTAX TimeTicks 675 MAX-ACCESS read-only 676 STATUS current 677 DESCRIPTION 678 "At any given instance, this object indicates the 679 time that this bind has been idle without any sessions 680 attached to it." 681 ::= { dsliteNATBindEntry 9 } 683 dsliteNATBindInTranslates OBJECT-TYPE 684 SYNTAX Counter64 685 MAX-ACCESS read-only 686 STATUS current 687 DESCRIPTION 688 "The number of inbound packets that were 689 translated as per this bind entry." 
690 ::= { dsliteNATBindEntry 10 } 692 dsliteNATBindOutTranslates OBJECT-TYPE 693 SYNTAX Counter64 694 MAX-ACCESS read-only 695 STATUS current 696 DESCRIPTION 697 "The number of outbound packets that were 698 translated as per this bind entry." 699 ::= { dsliteNATBindEntry 11 } 701 --dsliteInfo 703 dsliteSessionLimitTable OBJECT-TYPE 704 SYNTAX SEQUENCE OF DsliteSessionLimitEntry 705 MAX-ACCESS not-accessible 706 STATUS current 707 DESCRIPTION 708 "The (conceptual) table containing information about session 709 limit. It can also be used for row creation." 710 ::= { dsliteInfo 1 } 712 dsliteSessionLimitEntry OBJECT-TYPE 713 SYNTAX DsliteSessionLimitEntry 714 MAX-ACCESS not-accessible 715 STATUS current 716 DESCRIPTION 717 "Each entry in this table contains the information to be 718 used for configuring session limits for DS-lite." 719 INDEX { dsliteSessionLimitInstanceName, 720 dsliteSessionLimitType } 721 ::= { dsliteSessionLimitTable 1 } 723 DsliteSessionLimitEntry ::= 724 SEQUENCE { 725 dsliteSessionLimitInstanceName DisplayString, 726 dsliteSessionLimitType INTEGER, 727 dsliteSessionLimitNumber Integer32 728 } 730 dsliteSessionLimitInstanceName OBJECT-TYPE 731 SYNTAX DisplayString (SIZE (1..31)) 732 MAX-ACCESS read-only 733 STATUS current 734 DESCRIPTION 735 " This object represents the instance name 736 that is limited." 737 ::= { dsliteSessionLimitEntry 1 } 739 dsliteSessionLimitType OBJECT-TYPE 740 SYNTAX INTEGER 741 { 742 tcp(0), 743 udp(1), 744 icmp(2), 745 total(3) 746 } 747 MAX-ACCESS read-only 748 STATUS current 749 DESCRIPTION 750 "This object represents the session limit type: 751 tcp or udp or totally." 752 ::= { dsliteSessionLimitEntry 2 } 754 dsliteSessionLimitNumber OBJECT-TYPE 755 SYNTAX Integer32 (1..65535) 756 MAX-ACCESS read-create 757 STATUS current 758 DESCRIPTION 759 " This table represents the limit number of the session." 
760 ::= { dsliteSessionLimitEntry 3 } 762 dslitePortLimitTable OBJECT-TYPE 763 SYNTAX SEQUENCE OF DslitePortLimitEntry 764 MAX-ACCESS not-accessible 765 STATUS current 766 DESCRIPTION 767 "This table is used to configure port limits for a 768 DS-Lite instance." 769 ::= { dsliteInfo 2 } 771 dslitePortLimitEntry OBJECT-TYPE 772 SYNTAX DslitePortLimitEntry 773 MAX-ACCESS not-accessible 774 STATUS current 775 DESCRIPTION 776 "Each entry in this table contains the information to be 777 used for configuring port limits for DS-lite." 778 INDEX { dslitePortLimitInstanceName, 779 dslitePortLimitType } 780 ::= { dslitePortLimitTable 1 } 782 DslitePortLimitEntry ::= 783 SEQUENCE { 784 dslitePortLimitInstanceName DisplayString, 785 dslitePortLimitType INTEGER, 786 dslitePortLimitNumber Integer32 787 } 789 dslitePortLimitInstanceName OBJECT-TYPE 790 SYNTAX DisplayString (SIZE (1..31)) 791 MAX-ACCESS read-only 792 STATUS current 793 DESCRIPTION 794 " This object represents the instance name 795 that is limited." 796 ::= { dslitePortLimitEntry 1 } 798 dslitePortLimitType OBJECT-TYPE 799 SYNTAX INTEGER 800 { 801 tcp(0), 802 udp(1), 803 icmp(2), 804 total(3) 805 } 806 MAX-ACCESS read-only 807 STATUS current 808 DESCRIPTION 809 "This object represents the port limit 810 type: tcp or udp or totally." 811 ::= { dslitePortLimitEntry 2 } 813 dslitePortLimitNumber OBJECT-TYPE 814 SYNTAX Integer32 (1..300000) 815 MAX-ACCESS read-create 816 STATUS current 817 DESCRIPTION 818 "This object represents the limit number of the 819 port usage." 
820 ::= { dslitePortLimitEntry 3 } 822 dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 } 824 dsliteAFTRAlarmB4Addr OBJECT-TYPE 825 SYNTAX DisplayString 826 MAX-ACCESS accessible-for-notify 827 STATUS current 828 DESCRIPTION 829 "This object indicates the IP address of 830 the B4 that sends the alarm." 831 ::= { dsliteAFTRAlarmScalar 1 } 833 dsliteAFTRAlarmProtocolType OBJECT-TYPE 834 SYNTAX DisplayString 835 MAX-ACCESS accessible-for-notify 836 STATUS current 837 DESCRIPTION 838 "This object indicates the protocol type of the alarm, 839 0:tcp,1:udp,2:icmp,3:total " 840 ::= { dsliteAFTRAlarmScalar 2 } 842 dsliteAFTRAlarmMapAddrName OBJECT-TYPE 843 SYNTAX DisplayString 844 MAX-ACCESS accessible-for-notify 845 STATUS current 846 DESCRIPTION 847 "This object indicates the name of dsliteNATMapAddrName " 848 ::= { dsliteAFTRAlarmScalar 3 } 850 dsliteAFTRAlarmSpecificIP OBJECT-TYPE 851 SYNTAX DisplayString 852 MAX-ACCESS accessible-for-notify 853 STATUS current 854 DESCRIPTION 855 " This object indicates the IP address whose port usage 856 reaches the threshold " 857 ::= { dsliteAFTRAlarmScalar 4 } 859 dsliteAFTRAlarmConnectNumber OBJECT-TYPE 860 SYNTAX Integer32 (60..90) 861 MAX-ACCESS read-write 862 STATUS current 863 DESCRIPTION 864 " This object indicates the threshold of the DS-Lite 865 connections alarm." 866 ::= { dsliteAFTRAlarmScalar 5 } 868 dsliteStatisticTable OBJECT-TYPE 869 SYNTAX SEQUENCE OF DsliteStatisticEntry 870 MAX-ACCESS not-accessible 871 STATUS current 872 DESCRIPTION 873 "This table provides statistical information 874 of DS-Lite." 875 ::= { dsliteInfo 4 } 877 dsliteStatisticEntry OBJECT-TYPE 878 SYNTAX DsliteStatisticEntry 879 MAX-ACCESS not-accessible 880 STATUS current 881 DESCRIPTION 882 "This table provides statistical information 883 of DS-Lite." 
884 INDEX { dsliteStatisticInstanceName } 885 ::= { dsliteStatisticTable 1 } 887 DsliteStatisticEntry ::= 888 SEQUENCE { 889 dsliteStatisticInstanceName DisplayString, 890 dsliteStatisticDiscard Counter64, 891 dsliteStatisticReceived Counter64, 892 dsliteStatisticTransmitted Counter64, 893 dsliteStatisticIpv4Session Counter64, 894 dsliteStatisticIpv6Session Counter64 895 } 897 dsliteStatisticInstanceName OBJECT-TYPE 898 SYNTAX DisplayString (SIZE (1..31)) 899 MAX-ACCESS read-only 900 STATUS current 901 DESCRIPTION 902 " This object indicates the instance name 903 that is limited." 904 ::= { dsliteStatisticEntry 1 } 906 dsliteStatisticDiscard OBJECT-TYPE 907 SYNTAX Counter64 908 MAX-ACCESS read-create 909 STATUS current 910 DESCRIPTION 911 " This object indicates the number of 912 discarded packets." 913 ::= { dsliteStatisticEntry 2 } 915 dsliteStatisticReceived OBJECT-TYPE 916 SYNTAX Counter64 917 MAX-ACCESS read-create 918 STATUS current 919 DESCRIPTION 920 "This object indicates the number of 921 received packets." 922 ::= { dsliteStatisticEntry 3 } 924 dsliteStatisticTransmitted OBJECT-TYPE 925 SYNTAX Counter64 926 MAX-ACCESS read-create 927 STATUS current 928 DESCRIPTION 929 "This object indicates the number of 930 transmitted packets." 931 ::= { dsliteStatisticEntry 4 } 933 dsliteStatisticIpv4Session OBJECT-TYPE 934 SYNTAX Counter64 935 MAX-ACCESS read-create 936 STATUS current 937 DESCRIPTION 938 " This object indicates the number of 939 current IPv4 sessions." 940 ::= { dsliteStatisticEntry 5 } 942 dsliteStatisticIpv6Session OBJECT-TYPE 943 SYNTAX Counter64 944 MAX-ACCESS read-create 945 STATUS current 946 DESCRIPTION 947 " This object indicates the number of 948 current IPv6 sessions." 949 ::= { dsliteStatisticEntry 6 } 951 ---dslite trap 953 dsliteTunnelNumAlarm NOTIFICATION-TYPE 954 STATUS current 955 DESCRIPTION 956 "This trap is triggered when dslite tunnels 957 reach the threshold." 
958       ::= { dsliteTraps 1 }

960   dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
961       OBJECTS { dsliteAFTRAlarmProtocolType,
962                 dsliteAFTRAlarmB4Addr }
963       STATUS current
964       DESCRIPTION
965           "This trap is triggered when the sessions of a
966           user reach the threshold."
967       ::= { dsliteTraps 2 }

969   dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
970       OBJECTS { dsliteAFTRAlarmMapAddrName,
971                 dsliteAFTRAlarmSpecificIP }
972       STATUS current
973       DESCRIPTION
974           "This trap is triggered when the used NAT
975           ports of a map address reach the threshold."
976       ::= { dsliteTraps 3 }

978   --Module Conformance statement

980   dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

982   dsliteCompliance MODULE-COMPLIANCE
983       STATUS current
984       DESCRIPTION
985           "Description."
986       MODULE -- this module
987       MANDATORY-GROUPS { dsliteNATMapGroup, dsliteNATBindGroup,
988                          dsliteTunnelGroup }
989       ::= { dsliteCompliances 1 }

991   dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

993   dsliteAFTRAlarmScalarGroup OBJECT-GROUP
994       OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
995                 dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
996                 dsliteAFTRAlarmConnectNumber }
997       STATUS current
998       DESCRIPTION
999           "This collection of objects is used to give
1000          information about the AFTR alarm scalars."
1001      ::= { dsliteGroups 1 }

1003  dsliteNATMapGroup OBJECT-GROUP
1004      OBJECTS {
1005          dsliteNATMapLocalAddrFrom,
1006          dsliteNATMapLocalAddrTo, dsliteNATMapLocalPortFrom,
1007          dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1008          dsliteNATMapGlobalAddrTo, dsliteNATMapGlobalPortFrom,
1009          dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed }
1010      STATUS current
1011      DESCRIPTION
1012          "This collection of objects is used to give
1013          information about NAT address mapping."
1014      ::= { dsliteGroups 2 }

1016  dsliteTunnelGroup OBJECT-GROUP
1017      OBJECTS { dsliteTunnelStartAddress, dsliteTunnelStartAddPreLen,
1018                dsliteTunnelEndAddress }
1019      STATUS current
1020      DESCRIPTION
1021          "This collection of objects is used to give
1022          information about tunnels in DS-Lite."
1023      ::= { dsliteGroups 3 }

1025  dsliteNATBindGroup OBJECT-GROUP
1026      OBJECTS {
1027          dsliteNATBindGlobalAddr, dsliteNATBindGlobalPort,
1028          dsliteNATBindId, dsliteNATBindMapIndex,
1029          dsliteNATBindSessions, dsliteNATBindMaxIdleTime,
1030          dsliteNATBindCurrentIdleTime,
1031          dsliteNATBindInTranslates,
1032          dsliteNATBindOutTranslates }
1033      STATUS current
1034      DESCRIPTION
1035          "This collection of objects is used to give
1036          information about NAT Bind."
1037      ::= { dsliteGroups 4 }

1039  dsliteSessionLimitGroup OBJECT-GROUP
1040      OBJECTS { dsliteSessionLimitInstanceName,
1041                dsliteSessionLimitType, dsliteSessionLimitNumber }
1042      STATUS current
1043      DESCRIPTION
1044          "This collection of objects is used to give
1045          information about port limit."
1046      ::= { dsliteGroups 5 }

1048  dslitePortLimitGroup OBJECT-GROUP
1049      OBJECTS { dslitePortLimitInstanceName,
1050                dslitePortLimitType, dslitePortLimitNumber }
1051      STATUS current
1052      DESCRIPTION
1053          "This collection of objects is used to give
1054          information about port limit."
1055      ::= { dsliteGroups 6 }

1057  dsliteStatisticGroup OBJECT-GROUP
1058      OBJECTS { dsliteStatisticInstanceName,
1059                dsliteStatisticDiscard,
1060                dsliteStatisticReceived,
1061                dsliteStatisticTransmitted,
1062                dsliteStatisticIpv4Session,
1063                dsliteStatisticIpv6Session }
1064      STATUS current
1065      DESCRIPTION
1066          "This collection of objects is used to give
1067          statistical information about DS-Lite."
1068      ::= { dsliteGroups 7 }

1070  dsliteTrapsGroup NOTIFICATION-GROUP
1071      NOTIFICATIONS { dsliteTunnelNumAlarm,
1072                      dsliteAFTRUserSessionNumAlarm,
1073                      dsliteAFTRPortUsageOfSpecificIpAlarm }
1074      STATUS current
1075      DESCRIPTION
1076          "This collection of objects is used to give
1077          trap information about DS-Lite."
1078      ::= { dsliteGroups 8 }

1080  END

1082  9. Extending this MIB for Gateway Initiated Dual-Stack Lite

1084  Similar to DS-Lite, GI-DS-Lite enables the service provider to
1085  share public IPv4 addresses among different customers by combining
1086  tunneling and NAT. GI-DS-Lite extends existing access tunnels
1087  beyond the access gateway to an IPv4-IPv4 NAT using softwires with
1088  an embedded context identifier that uniquely identifies the end host
1089  the tunneled packets belong to. The MIB defined in this document can
1090  easily be extended for use in the GI-DS-Lite scenario. A new object
1091  for the CID SHOULD be added to the dsliteTunnelTable, and a new object,
1092  dsliteTunnelID, can be defined in the DS-Lite MIB as the SWID in
1093  GI-DS-Lite. Both CID and SWID SHOULD be added to the dsliteNATBindTable.
1094  The combination of CID and SWID will be used as the unique identifier
1095  for the end host and stored in the NAT binding entry.

1097  10. IANA Considerations

1099  The MIB module in this document uses the following IANA-assigned
1100  OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
1101  the following IANA-assigned tunnelType values recorded in the
1102  IANAtunnelType-MIB registry:

1104      Descriptor    OBJECT IDENTIFIER value
1105      ----------    -----------------------
1106      DSLite-MIB    { transmission XXX }

1108      IANAtunnelType ::= TEXTUAL-CONVENTION

1110          SYNTAX INTEGER {

1112              dsLite ("XX") -- dslite tunnel

1114          }

1116  Notes: Appendix A of the IP Tunnel MIB [RFC4087] has already
1117  assigned the value direct(2) to indicate that the tunnel type is
1118  IP in IP, but it is still difficult to distinguish DS-Lite tunnel
1119  packets from normal IP in IP tunnel packets in the scenario where
1120  the AFTR connects to both a DS-Lite tunnel and an IP in IP
1121  tunnel.

1123  11. Security Considerations

1125  The DS-Lite MIB module can be used for configuration of certain
1126  objects, and anything that can be configured can be incorrectly
1127  configured, with potentially disastrous results. Because this MIB
1128  module reuses the IP tunnel MIB and NAT MIB, the security
1129  considerations for these MIBs are also applicable to the DS-Lite MIB.

1131  Unauthorized read access to dsliteTunnelEndAddress, or to any object in
1132  the dsliteBindRelationTable or dslitePortBindRelationTable, would
1133  reveal the mapping information.

1135  SNMP versions prior to SNMPv3 did not include adequate security.
1136  Even if the network itself is secure (for example by using IPsec),
1137  even then, there is no control as to who on the secure network is
1138  allowed to access and GET/SET (read/change/create/delete) the objects
1139  in this MIB module.

1141  It is RECOMMENDED that implementers consider the security features as
1142  provided by the SNMPv3 framework (see [RFC3410], section 8),
1143  including full support for the SNMPv3 cryptographic mechanisms (for
1144  authentication and privacy).
1146  Further, deployment of SNMP versions prior to SNMPv3 is NOT
1147  RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1148  enable cryptographic security. It is then a customer/operator
1149  responsibility to ensure that the SNMP entity giving access to an
1150  instance of this MIB module is properly configured to give access to
1151  the objects only to those principals (users) that have legitimate
1152  rights to indeed GET or SET (change/create/delete) them.

1154  12. References

1156  12.1. Normative References

1158  [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1159            Requirement Levels", BCP 14, RFC 2119, March 1997.

1161  [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1162            "Structure of Management Information Version 2 (SMIv2)",
1163            RFC 2578, April 1999.

1165  [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1166            Conventions for SMIv2", RFC 2579, April 1999.

1168  [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1169            "Conformance Statements for SMIv2", RFC 2580, April 1999.

1171  [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1172            MIB", RFC 2863, June 2000.

1174  [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1175            Architecture for Describing Simple Network Management
1176            Protocol (SNMP) Management Frameworks", RFC 3411, December
1177            2002.

1179  [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1180            Schoenwaelder, "Textual Conventions for Internet Network
1181            Addresses", RFC 4001, February 2005.

1183  [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1184            Wang, C., "Definitions of Managed Objects for Network
1185            Address Translators (NAT)", RFC 4008, March 2005.

1187  [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1189  [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
1190            Stack Lite Broadband Deployments Following IPv4
1191            Exhaustion", RFC 6333, August 2011.
1193  [RFC6674] Brockners, F., Gundavelli, S., Speicher, S., Ward, D.
1194            "Gateway-Initiated Dual-Stack Lite Deployment", RFC 6674,
1195            July 2012.

1197  12.2. Informative References

1199  [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1200            "Introduction and Applicability Statements for Internet-
1201            Standard Management Framework", RFC 3410, December 2002.

1203  Author's Addresses

1205  Yu Fu
1206  Huawei Technologies Co., Ltd
1207  Huawei Building, 156 Beiqing Rd.,
1208  Hai-Dian District, Beijing 100095
1209  P.R. China
1210  Email: eleven.fuyu@huawei.com

1212  Sheng Jiang
1213  Huawei Technologies Co., Ltd
1214  Huawei Building, 156 Beiqing Rd.,
1215  Hai-Dian District, Beijing 100095
1216  P.R. China
1217  Email: jiangsheng@huawei.com

1219  Jiang Dong
1220  Tsinghua University
1221  Department of Computer Science, Tsinghua University
1222  Beijing 100084
1223  P.R. China
1224  Email: dongjiang@csnet1.cs.tsinghua.edu.cn

1226  Yuchi Chen
1227  Tsinghua University
1228  Department of Computer Science, Tsinghua University
1229  Beijing 100084
1230  P.R. China
1231  Email: flashfoxmx@gmail.com
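
Section 11 leaves it to the operator to decide which principals may SET objects in this module, so the first step is knowing which objects are writable at all. The following Python is an added example, not part of the draft: it parses OBJECT-TYPE definitions copied from the module above and lists every object whose MAX-ACCESS permits SET, marking Counter64 objects declared read-create, for which SMIv2 [RFC2578] allows only read-only or accessible-for-notify. The function names, the regular expression and the "writable-counter" label are this example's own.

```python
import re

# Object definitions taken from the module above; STATUS and DESCRIPTION
# clauses are trimmed to keep the sample short.
MIB_EXCERPT = """
dsliteAFTRAlarmB4Addr OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS accessible-for-notify
    ::= { dsliteAFTRAlarmScalar 1 }
dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
    ::= { dsliteAFTRAlarmScalar 5 }
dsliteStatisticInstanceName OBJECT-TYPE
    SYNTAX DisplayString (SIZE (1..31))
    MAX-ACCESS read-only
    ::= { dsliteStatisticEntry 1 }
dsliteStatisticDiscard OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-create
    ::= { dsliteStatisticEntry 2 }
"""

# name OBJECT-TYPE ... SYNTAX <type> ... MAX-ACCESS <level>
OBJECT_RE = re.compile(
    r"^\s*(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\s+"
    r"SYNTAX\s+(?P<syntax>.+?)\s+MAX-ACCESS\s+(?P<access>[a-z-]+)",
    re.MULTILINE | re.DOTALL,
)
WRITABLE = {"read-write", "read-create"}
COUNTER_TYPES = ("Counter32", "Counter64")


def parse_objects(mib_text):
    """Return (name, syntax, max_access) for every OBJECT-TYPE found."""
    return [(m["name"], " ".join(m["syntax"].split()), m["access"])
            for m in OBJECT_RE.finditer(mib_text)]


def audit_write_access(mib_text):
    """List objects an SNMP SET could change, flagging writable counters."""
    findings = []
    for name, syntax, access in parse_objects(mib_text):
        if access not in WRITABLE:
            continue
        kind = "writable-counter" if syntax.startswith(COUNTER_TYPES) else "writable"
        findings.append((name, syntax, access, kind))
    return findings


if __name__ == "__main__":
    for finding in audit_write_access(MIB_EXCERPT):
        print("%-30s %-20s %-12s %s" % finding)
```

The resulting list is the set of objects whose write access an SNMPv3 access-control configuration should grant only to authorised principals.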