idnits 2.17.1

draft-ietf-softwire-dslite-mib-03.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (August 28, 2013) is 3893 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 77, but not defined

  == Missing Reference: 'RFC 6674' is mentioned on line 150, but not defined

  == Unused Reference: 'RFC6333' is defined on line 1290, but no explicit
     reference was found in the text

  == Unused Reference: 'RFC6674' is defined on line 1294, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

     Summary: 1 error (**), 0 flaws (~~), 6 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  Softwire                                                       Y. Fu
2  Internet Draft                                              S. Jiang
3  Intended status: Standards Track        Huawei Technologies Co., Ltd
4  Expires: March 01, 2014                                      J. Dong
5                                                               Y. Chen
6                                                   Tsinghua University
7                                                       August 28, 2013

9               DS-Lite Management Information Base (MIB)
10                  draft-ietf-softwire-dslite-mib-03

12  Status of this Memo

14     This Internet-Draft is submitted in full conformance with the
15     provisions of BCP 78 and BCP 79.

17     Internet-Drafts are working documents of the Internet Engineering
18     Task Force (IETF). Note that other groups may also distribute working
19     documents as Internet-Drafts. The list of current Internet-Drafts is
20     at http://datatracker.ietf.org/drafts/current/.

22     Internet-Drafts are draft documents valid for a maximum of six months
23     and may be updated, replaced, or obsoleted by other documents at any
24     time. It is inappropriate to use Internet-Drafts as reference
25     material or to cite them other than as "work in progress."

27     This Internet-Draft will expire on March 01, 2014.

29  Copyright Notice

31     Copyright (c) 2013 IETF Trust and the persons identified as the
32     document authors. All rights reserved.

34     This document is subject to BCP 78 and the IETF Trust's Legal
35     Provisions Relating to IETF Documents
36     (http://trustee.ietf.org/license-info) in effect on the date of
37     publication of this document. Please review these documents
38     carefully, as they describe your rights and restrictions with respect
39     to this document. Code Components extracted from this document must
40     include Simplified BSD License text as described in Section 4.e of
41     the Trust Legal Provisions and are provided without warranty as
42     described in the Simplified BSD License.

44  Abstract

46     This memo defines a portion of the Management Information Base (MIB) for
47     use with network management protocols in the Internet community. In
48     particular, it defines managed objects for DS-Lite.

50  Table of Contents

52     1. Introduction
53     2. The Internet-Standard Management Framework
54     3. Terminology
55     4. Difference from the IP tunnel MIB and NAT MIB
56     5. Relationship to the IF-MIB
57     6. Structure of the MIB Module
58        6.1. The Object Group
59           6.1.1. The dsliteTunnel Subtree
60           6.1.2. The dsliteNAT Subtree
61           6.1.3. The dsliteInfo Subtree
62        6.2. The Notification Group
63           6.2.1. The dsliteTrap Subtree
64        6.3. The Conformance Group
65     7. MIB modules required for IMPORTS
66     8. Definitions
67     9. Extending this MIB for Gateway Initiated Dual-Stack Lite
68     10. IANA Considerations
69     11. Security Considerations
70     12. References
71        12.1. Normative References
72        12.2. Informative References
73     Author's Addresses

75  1. Introduction

77     Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
78     connectivity to customers crossing IPv6 only infrastructure. One of
79     its key components is an IPv4-over-IPv6 tunnel, which is used to
80     provide IPv4 connection across service provider's IPv6 network.
81     Another key component is a carrier-grade IPv4-IPv4 NAT to share
82     service provider IPv4 addresses among customers.

84     This document defines a portion of the Management Information Base
85     (MIB) for use with network management protocols in the Internet
86     community. This MIB module may be used for configuration and
87     monitoring the devices in the Dual-Stack Lite scenario.
88     This MIB also can be extended to the application for Gateway
89     Initiated Dual-Stack Lite [RFC 6674].

91  2. The Internet-Standard Management Framework

93     For a detailed overview of the documents that describe the current
94     Internet-Standard Management Framework, please refer to section 7 of
95     [RFC3410].

97     Managed objects are accessed via a virtual information store, termed
98     the MIB. MIB objects are generally accessed through the Simple
99     Network Management Protocol (SNMP).

101     Objects in the MIB are defined using the mechanisms defined in the
102     Structure of Management Information (SMI). This memo specifies a MIB
103     module that is compliant to the SMIv2, which is described in
104     [RFC2578], [RFC2579] and [RFC2580].

106  3. Terminology

108     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
109     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
110     document are to be interpreted as described in [RFC2119].

112  4. Difference from the IP tunnel MIB and NAT MIB

114     The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnel
115     and NAT (IPv4 to IPv4 translation).

117     Notes: According to the section 5.2 of RFC6333, DS-Lite only defines
118     IPv4 in IPv6 tunnels at this moment, but other types of encapsulation
119     could be defined in the future. So this DS-Lite MIB only supports IP
120     in IP encapsulation; if RFC6333 defines other tunnel types in the
121     future, this DS-Lite MIB will be updated then.

123     The NAT-MIB [RFC4008] is designed to carry translation from any
124     address family to any address family, therefore it supports IPv4 to
125     IPv4 translation.

127     The tunnel MIB [RFC4087] is designed for managing tunnels of any type
128     over IPv4 and IPv6 networks, therefore it supports IP in IP tunnels.

130     However, NAT MIB and tunnel MIB together are not sufficient to
131     support DS-Lite. This document describes the specific MIB
132     requirements for DS-Lite, as below.

134        In DS-Lite scenario, the tunnel type is IP in IP, more
135        precisely, is IPv4 in IPv6. Therefore, it is unnecessary to
136        describe tunnel type in DS-Lite MIB.

138        In DS-Lite scenario, the translation type is IPv4 private
139        address to IPv4 public address. Therefore, it is unnecessary to
140        describe the type of address in the corresponding
141        tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
142        which are defined in tunnel MIB for DS-Lite MIB.

144        In DS-Lite scenario, the AFTR is not only the tunnel end
145        concentrator, but also a 4-4 translator. Within the AFTR,
146        tunnel information and translation information MUST be mapped
147        to each other. Two independent MIBs are not able to reflect this
148        mapping relationship. Therefore, a combined MIB is necessary.

150        If the Gateway Initiated Dual-Stack Lite scenario [RFC 6674] is
151        required, the MIB defined in this document could be easily
152        extended for GI-DS-Lite. CID (Context Identifier) can be
153        extended to the tunnel MIB to identify the access devices
154        which have the same IPv4 address. And both CID and SWID
155        (Softwire Identifier) can be extended to the NAT MIB for
156        performing the NAT binding look up.

158     The implementation of the IP Tunnel MIB is required for DS-Lite. The
159     tunnelIfEncapsMethod in the tunnelIfEntry should be set to
160     dsLite("xx"), and corresponding entry in the DS-Lite module will
161     exist for every tunnelIfEntry with this tunnelIfEncapsMethod. The
162     tunnelIfRemoteInetAddress must be set to "::".

164  5. Relationship to the IF-MIB

166     The Interfaces MIB [RFC2863] defines generic managed objects for
167     managing interfaces. Each logical interface (physical or virtual) has
168     an ifEntry. Tunnels are handled by creating a logical interface
169     (ifEntry) for each tunnel. DS-Lite tunnel also acts as a virtual
170     interface, which has corresponding entries in IP Tunnel MIB and
171     Interface MIB. Those corresponding entries are indexed by ifIndex.

173     The ifOperStatus in ifTable would be used to represent whether the
174     DS-Lite tunnel function has been originated. The ifInUcastPkts
175     defined in ifTable will represent the number of IPv4 packets which
176     have been encapsulated into IPv6 packets sent to B4. The
177     ifOutUcastPkts defined in ifTable contains the number of IPv6 packets
178     which can be decapsulated to IPv4 in the virtual interface. Also, the
179     IF-MIB defines ifMtu for the MTU of this tunnel interface, so DS-Lite
180     MIB does not need to define the MTU for tunnel.

182  6. Structure of the MIB Module

184     The DS-Lite MIB provides a way to monitor and manage the devices
185     (AFTRs) in DS-Lite scenario through SNMP.

187     DS-Lite MIB is configurable on a per-interface basis. It depends on
188     several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and NAT
189     MIB [RFC4008].

191  6.1. The Object Group

193     This Group defines objects which are needed for DS-Lite MIB.

195  6.1.1. The dsliteTunnel Subtree

197     The dsliteTunnel subtree describes managed objects used for managing
198     tunnels in the DS-Lite scenario. Because some objects defined in
199     Tunnel MIB are not accessible, a few new objects are defined in DS-Lite
200     MIB.

202  6.1.2. The dsliteNAT Subtree

204     The dsliteNAT Subtree describes managed objects used for
205     configuration as well as monitoring of AFTR which is capable of NAT
206     function. Because the NAT MIB supports the NAT management function in
207     DS-Lite, we may reuse it in DS-Lite MIB. The dsliteNAT Subtree also
208     provides the information of mapping relationship between the tunnel
209     MIB and NAT MIB by extending the IPv6 address of B4 to the bind table
210     in NAT MIB.

212  6.1.3. The dsliteInfo Subtree

214     The dsliteInfo Subtree provides the statistical information for
215     DS-lite.

217  6.2. The Notification Group

219     This Group defines some notification objects for DS-Lite MIB.

221  6.2.1. The dsliteTrap Subtree

223     The dsliteTrap Subtree provides trap information in DS-Lite instance.

225  6.3. The Conformance Group

227     The dsliteConformance Subtree provides conformance information of MIB
228     objects.

230  7. MIB modules required for IMPORTS

232     This MIB module IMPORTs objects from [RFC4008], [RFC2580], [RFC2578],
233     [RFC2863], [RFC4001], [RFC3411].

235  8. Definitions

237  DSLite-MIB DEFINITIONS ::= BEGIN

239  IMPORTS
240      MODULE-IDENTITY, OBJECT-TYPE, transmission,
241      NOTIFICATION-TYPE, Gauge32, TimeTicks,
242      Integer32, Counter64
243          FROM SNMPv2-SMI

245      OBJECT-GROUP, MODULE-COMPLIANCE,
246      NOTIFICATION-GROUP
247          FROM SNMPv2-CONF

249      DisplayString
250          FROM SNMPv2-TC

252      ifIndex
253          FROM IF-MIB

255      InetAddress, InetAddressType, InetPortNumber
256          FROM INET-ADDRESS-MIB

258      NatAddrMapId, NatBindId
259          FROM NAT-MIB;

261  dsliteMIB MODULE-IDENTITY
262      LAST-UPDATED "201308280000Z" -- August 28, 2013
263      ORGANIZATION "IETF Softwire Working Group"
264      CONTACT-INFO
265          "Yu Fu
266          Huawei Technologies Co., Ltd
267          Huawei Building, 156 Beiqing Rd., Hai-Dian District
268          Beijing, P.R. China 100095
269          EMail: eleven.fuyu@huawei.com

271          Sheng Jiang
272          Huawei Technologies Co., Ltd
273          Huawei Building, 156 Beiqing Rd., Hai-Dian District
274          Beijing, P.R. China 100095
275          EMail: jiangsheng@huawei.com

277          Jiang Dong
278          Tsinghua University
279          Department of Computer Science, Tsinghua University
280          Beijing 100084
281          P.R. China
282          Email: knight.dongjiang@gmail.com

284          Yuchi Chen
285          Tsinghua University
286          Department of Computer Science, Tsinghua University
287          Beijing 100084
288          P.R. China
289          Email: flashfoxmx@gmail.com "

291      DESCRIPTION
292          "The MIB module is defined for management of object in the
293          DS-Lite scenario. "
294      REVISION "201308280000Z"
295      DESCRIPTION
296          "Initial version. Published as RFC xxxx."
297      --RFC Ed.: RFC-editor pls fill in xxxx
298      ::= { transmission xxx }
299      --RFC Ed.: assigned by IANA, see section 10 for details

301  --Top level components of this MIB module
302  dsliteMIBObjects OBJECT IDENTIFIER
303      ::= { dsliteMIB 1 }

305  dsliteTunnel OBJECT IDENTIFIER
306      ::= { dsliteMIBObjects 1 }

308  dsliteNAT OBJECT IDENTIFIER
309      ::= { dsliteMIBObjects 2 }

311  dsliteInfo OBJECT IDENTIFIER
312      ::= { dsliteMIBObjects 3 }

314  --Notifications section

316  dsliteTraps OBJECT IDENTIFIER
317      ::= { dsliteMIB 2 }

319  --dsliteTunnel

321  --dsliteTunnelTable

323  dsliteTunnelTable OBJECT-TYPE
324      SYNTAX SEQUENCE OF DsliteTunnelEntry
325      MAX-ACCESS not-accessible
326      STATUS current
327      DESCRIPTION
328          "The (conceptual) table containing information on configured
329          tunnels. This table can be used to map CPE address to the
330          associated AFTR address. It can also be used for row
331          creation."
332      ::= { dsliteTunnel 1 }

334  dsliteTunnelEntry OBJECT-TYPE
335      SYNTAX DsliteTunnelEntry
336      MAX-ACCESS not-accessible
337      STATUS current
338      DESCRIPTION
339          "Each entry in this table contains the information on a
340          particular configured tunnel."
341      INDEX { dsliteTunnelStartAddress,
342              dsliteTunnelEndAddress,
343              ifIndex }
344      ::= { dsliteTunnelTable 1 }

346  DsliteTunnelEntry ::=
347      SEQUENCE {
348          dsliteTunnelStartAddressType InetAddressType,
349          dsliteTunnelStartAddress InetAddress,
350          dsliteTunnelStartAddPreLen Integer32,
351          dsliteTunnelEndAddressType InetAddressType,
352          dsliteTunnelEndAddress InetAddress
353      }

355  dsliteTunnelStartAddressType OBJECT-TYPE
356      SYNTAX InetAddressType
357      MAX-ACCESS read-create
358      STATUS current
359      DESCRIPTION
360          "In this object, it MUST be set to the value of 2 to
361          present IPv6 type. It describes the address type of
362          the start point of the tunnel."
363      ::= { dsliteTunnelEntry 1 }

365  dsliteTunnelStartAddress OBJECT-TYPE
366      SYNTAX InetAddress
367      MAX-ACCESS not-accessible
368      STATUS current
369      DESCRIPTION
370          "The address of the start point of the tunnel."
371      ::= { dsliteTunnelEntry 2 }

373  dsliteTunnelStartAddPreLen OBJECT-TYPE
374      SYNTAX Integer32 (0..128)
375      MAX-ACCESS read-create
376      STATUS current
377      DESCRIPTION
378          "IPv6 prefix length of the IP address of the
379          start point of the tunnel."
380      ::= { dsliteTunnelEntry 3 }

382  dsliteTunnelEndAddressType OBJECT-TYPE
383      SYNTAX InetAddressType
384      MAX-ACCESS read-create
385      STATUS current
386      DESCRIPTION
387          "In this object, it MUST be set to the value of 2 to
388          present IPv6 type. It describes the address type of
389          the end point of the tunnel."
390      ::= { dsliteTunnelEntry 4 }

392  dsliteTunnelEndAddress OBJECT-TYPE
393      SYNTAX InetAddress
394      MAX-ACCESS not-accessible
395      STATUS current
396      DESCRIPTION
397          "The address of the endpoint of the tunnel."
398      ::= { dsliteTunnelEntry 5 }

400  --dsliteNAT
401  --dsliteNATMapTable(define address pool)
402  --dsliteNATBindTable(NAPT)

404  dsliteNATMapTable OBJECT-TYPE
405      SYNTAX SEQUENCE OF DsliteNATMapEntry
406      MAX-ACCESS not-accessible
407      STATUS current
408      DESCRIPTION
409          "This table contains information about address map
410          parameters."
411      ::= { dsliteNAT 1 }

413  dsliteNATMapEntry OBJECT-TYPE
414      SYNTAX DsliteNATMapEntry
415      MAX-ACCESS not-accessible
416      STATUS current
417      DESCRIPTION
418          " This entry represents an address map to be used for
419          NAT and contributes to the address mapping tables of
420          AFTR."
421      INDEX { ifIndex,
422              dsliteNATMapIndex }
423      ::= { dsliteNATMapTable 1 }

425  DsliteNATMapEntry ::=
426      SEQUENCE {
427          dsliteNATMapIndex NatAddrMapId,
428          dsliteNATMapLocalAddrFromType InetAddressType,
429          dsliteNATMapLocalAddrFrom InetAddress,
430          dsliteNATMapLocalAddrToType InetAddressType,
431          dsliteNATMapLocalAddrTo InetAddress,
432          dsliteNATMapLocalPortFrom InetPortNumber,
433          dsliteNATMapLocalPortTo InetPortNumber,
434          dsliteNATMapGlobalAddrFromType InetAddressType,
435          dsliteNATMapGlobalAddrFrom InetAddress,
436          dsliteNATMapGlobalAddrToType InetAddressType,
437          dsliteNATMapGlobalAddrTo InetAddress,
438          dsliteNATMapGlobalPortFrom InetPortNumber,
439          dsliteNATMapGlobalPortTo InetPortNumber,
440          dsliteNATMapAddrUsed Gauge32
441      }

443  dsliteNATMapIndex OBJECT-TYPE
444      SYNTAX NatAddrMapId
445      MAX-ACCESS not-accessible
446      STATUS current
447      DESCRIPTION
448          "Along with ifIndex, this object uniquely
449          identifies an entry in the dsliteNATMapTable.
450          Address map entries are applied in the order
451          specified by dsliteNATMapIndex."
452      ::= { dsliteNATMapEntry 1 }

454  dsliteNATMapLocalAddrFromType OBJECT-TYPE
455      SYNTAX InetAddressType
456      MAX-ACCESS read-create
457      STATUS current
458      DESCRIPTION
459          "It describes the address type of the
460          dsliteNATMapLocalAddrFrom object. In this
461          object, it MUST be set to the value of 1 to
462          present IPv4 type. It complies with the textual
463          convention of IPv4 address defined in [RFC4001]."
464      ::= { dsliteNATMapEntry 2 }

466  dsliteNATMapLocalAddrFrom OBJECT-TYPE
467      SYNTAX InetAddress
468      MAX-ACCESS read-create
469      STATUS current
470      DESCRIPTION
471          "This object specifies the first IP address of the range
472          of IP addresses mapped by this translation entry.
473          The value of this object must be less than or
474          equal to the value of the dsliteNATMapLocalAddrTo
475          object."
476      ::= { dsliteNATMapEntry 3 }

478  dsliteNATMapLocalAddrToType OBJECT-TYPE
479      SYNTAX InetAddressType
480      MAX-ACCESS read-create
481      STATUS current
482      DESCRIPTION
483          "It describes the address type of the
484          dsliteNATMapLocalAddrTo object. In this
485          object, it MUST be set to the value of 1 to
486          present IPv4 type. It complies with the textual
487          convention of IPv4 address defined in [RFC4001]."
488      ::= { dsliteNATMapEntry 4 }

490  dsliteNATMapLocalAddrTo OBJECT-TYPE
491      SYNTAX InetAddress
492      MAX-ACCESS read-create
493      STATUS current
494      DESCRIPTION
495          "This object specifies the last IP address of the range of
496          IP addresses mapped by this translation entry. If only
497          a single address is being mapped, the value of this
498          object is equal to the value of natAddrMapLocalAddrFrom.
499          The value of this object must be greater than or equal to
500          the value of the natAddrMapLocalAddrFrom object."
501      ::= { dsliteNATMapEntry 5 }

503  dsliteNATMapLocalPortFrom OBJECT-TYPE
504      SYNTAX InetPortNumber
505      MAX-ACCESS read-create
506      STATUS current
507      DESCRIPTION
508          "The value of this object must be less than or equal
509          to the value of the dsliteNATMapLocalPortTo object.
510          If the translation specifies a single port, then the
511          value of this object is equal to the value of
512          dsliteNATMapLocalPortTo."
513      DEFVAL { 0 }
514      ::= { dsliteNATMapEntry 6 }

516  dsliteNATMapLocalPortTo OBJECT-TYPE
517      SYNTAX InetPortNumber
518      MAX-ACCESS read-create
519      STATUS current
520      DESCRIPTION
521          "The value of this object must be greater than or equal
522          to the value of the dsliteNATMapLocalPortFrom object.
523          If the translation specifies a single port, then
524          the value of this object is equal to the value of
525          dsliteNATMapLocalPortFrom."
526      DEFVAL { 0 }
527      ::= { dsliteNATMapEntry 7 }

529  dsliteNATMapGlobalAddrFromType OBJECT-TYPE
530      SYNTAX InetAddressType
531      MAX-ACCESS read-create
532      STATUS current
533      DESCRIPTION
534          "It describes the address type of the
535          dsliteNATMapGlobalAddrFrom object. In this
536          object, it MUST be set to the value of 1 to
537          present IPv4 type. It complies with the textual
538          convention of IPv4 address defined in [RFC4001]."
539      ::= { dsliteNATMapEntry 8 }

541  dsliteNATMapGlobalAddrFrom OBJECT-TYPE
542      SYNTAX InetAddress
543      MAX-ACCESS read-create
544      STATUS current
545      DESCRIPTION
546          "This object specifies the first IP address of
547          the range of IP addresses being mapped to.
548          The value of this object must be less than
549          or equal to the value of the
550          dsliteNATMapGlobalAddrTo object."
551      ::= { dsliteNATMapEntry 9 }

553  dsliteNATMapGlobalAddrToType OBJECT-TYPE
554      SYNTAX InetAddressType
555      MAX-ACCESS read-create
556      STATUS current
557      DESCRIPTION
558          "It describes the address type of the
559          dsliteNATMapGlobalAddrTo object. In this
560          object, it MUST be set to the value of 1 to
561          present IPv4 type. It complies with the textual
562          convention of IPv4 address defined in [RFC4001]."
563      ::= { dsliteNATMapEntry 10 }

565  dsliteNATMapGlobalAddrTo OBJECT-TYPE
566      SYNTAX InetAddress
567      MAX-ACCESS read-create
568      STATUS current
569      DESCRIPTION
570          "This object specifies the last IP address of the range
571          of IP addresses being mapped to. If only a single
572          address is being mapped to, the value of this object
573          is equal to the value of dsliteNATMapGlobalAddrFrom.
574          The value of this object must be greater than or equal
575          to the value of the dsliteNATMapGlobalAddrFrom object."
576      ::= { dsliteNATMapEntry 11 }

578  dsliteNATMapGlobalPortFrom OBJECT-TYPE
579      SYNTAX InetPortNumber
580      MAX-ACCESS read-create
581      STATUS current
582      DESCRIPTION
583          "The value of this object must be less than or equal
584          to the value of the dsliteNATMapGlobalPortTo object.
585          If the translation specifies a single port, then the
586          value of this object is equal to the value of
587          dsliteNATMapGlobalPortTo."
588      DEFVAL { 0 }
589      ::= { dsliteNATMapEntry 12 }

591  dsliteNATMapGlobalPortTo OBJECT-TYPE
592      SYNTAX InetPortNumber
593      MAX-ACCESS read-create
594      STATUS current
595      DESCRIPTION
596          "The value of this object must be greater than or
597          equal to the value of the dsliteNATMapGlobalPortFrom
598          object. If the translation specifies a single port,
599          then the value of this object is equal to the
600          value of dsliteNATMapGlobalPortFrom."
601      DEFVAL { 0 }
602      ::= { dsliteNATMapEntry 13 }

604  dsliteNATMapAddrUsed OBJECT-TYPE
605      SYNTAX Gauge32
606      MAX-ACCESS read-only
607      STATUS current
608      DESCRIPTION
609          "The number of addresses pertaining to this address
610          map that are currently being used from the NAT pool."
611      ::= { dsliteNATMapEntry 14 }

613  dsliteNATBindTable OBJECT-TYPE
614      SYNTAX SEQUENCE OF DsliteNATBindEntry
615      MAX-ACCESS not-accessible
616      STATUS current
617      DESCRIPTION
618          "This table contains information about currently
619          active NAT binds in AFTR. This table extends the
620          natAddrPortBindTable designed in NAT MIB (RFC
621          4008) by IPv6 address of B4."
622      ::= { dsliteNAT 2 }

624  dsliteNATBindEntry OBJECT-TYPE
625      SYNTAX DsliteNATBindEntry
626      MAX-ACCESS not-accessible
627      STATUS current
628      DESCRIPTION
629          "Each entry in this table holds the relationship between
630          tunnel information and nat bind information. These entries
631          are lost upon agent restart."
632      INDEX { ifIndex,
633              dsliteNATBindLocalAddr,
634              dsliteNATBindLocalPort,
635              dsliteTunnelStartAddress,
636              dsliteTunnelStartAddPreLen }
637      ::= { dsliteNATBindTable 1 }

639  DsliteNATBindEntry ::=
640      SEQUENCE {
641          dsliteNATBindLocalAddrType InetAddressType,
642          dsliteNATBindLocalAddr InetAddress,
643          dsliteNATBindLocalPort InetPortNumber,
644          dsliteNATBindGlobalAddrType InetAddressType,
645          dsliteNATBindGlobalAddr InetAddress,
646          dsliteNATBindGlobalPort InetPortNumber,
647          dsliteNATBindId NatBindId,
648          dsliteNATBindMapIndex NatAddrMapId,
649          dsliteNATBindSessions Gauge32,
650          dsliteNATBindMaxIdleTime TimeTicks,
651          dsliteNATBindCurrentIdleTime TimeTicks,
652          dsliteNATBindInTranslates Counter64,
653          dsliteNATBindOutTranslates Counter64
654      }

656  dsliteNATBindLocalAddrType OBJECT-TYPE
657      SYNTAX InetAddressType
658      MAX-ACCESS read-create
659      STATUS current
660      DESCRIPTION
661          " This object specifies the address type used for
662          dsliteNATBindLocalAddr."
663      ::= { dsliteNATBindEntry 1 }

665  dsliteNATBindLocalAddr OBJECT-TYPE
666      SYNTAX InetAddress
667      MAX-ACCESS not-accessible
668      STATUS current
669      DESCRIPTION
670          "This object represents the private IP address of host."
671      ::= { dsliteNATBindEntry 2 }

673  dsliteNATBindLocalPort OBJECT-TYPE
674      SYNTAX InetPortNumber
675      MAX-ACCESS not-accessible
676      STATUS current
677      DESCRIPTION
678          "For a protocol value TCP or UDP, this object represents
679          the private-realm specific port number. On the other
680          hand, for ICMP a bind is created only for query/response
681          type ICMP messages such as ICMP echo, Timestamp, and
682          Information request messages, and this object represents
683          the private-realm specific identifier in the ICMP
684          message, as defined in RFC 792 for ICMPv4."
685      ::= { dsliteNATBindEntry 3 }

687  dsliteNATBindGlobalAddrType OBJECT-TYPE
688      SYNTAX InetAddressType
689      MAX-ACCESS read-create
690      STATUS current
691      DESCRIPTION
692          " This object specifies the address type used for
693          dsliteNATBindGlobalAddr."
694      ::= { dsliteNATBindEntry 4 }

696  dsliteNATBindGlobalAddr OBJECT-TYPE
697      SYNTAX InetAddress
698      MAX-ACCESS read-only
699      STATUS current
700      DESCRIPTION
701          "This object represents the public-realm IP
702          address of host."
703      ::= { dsliteNATBindEntry 5 }

705  dsliteNATBindGlobalPort OBJECT-TYPE
706      SYNTAX InetPortNumber
707      MAX-ACCESS read-only
708      STATUS current
709      DESCRIPTION
710          "For a protocol value TCP or UDP, this object represents
711          the public-realm specific port number. On the other
712          hand, for ICMP a bind is created only for query/response
713          type ICMP messages such as ICMP echo, Timestamp, and
714          Information request messages, and this object represents
715          the public-realm specific identifier in the ICMP
716          message, as defined in RFC 792 for ICMPv4."
717      ::= { dsliteNATBindEntry 6 }

719  dsliteNATBindId OBJECT-TYPE
720      SYNTAX NatBindId
721      MAX-ACCESS read-only
722      STATUS current
723      DESCRIPTION
724          "This object represents a bind id that is
725          dynamically assigned to each bind by AFTR.
726          Each bind is represented by a unique bind
727          id across the dsliteNATBindTable."
728      ::= { dsliteNATBindEntry 7 }

730  dsliteNATBindMapIndex OBJECT-TYPE
731      SYNTAX NatAddrMapId
732      MAX-ACCESS read-only
733      STATUS current
734      DESCRIPTION
735          "This object is a pointer to the dsliteNATMapTable
736          entry used in creating this BIND."
737      ::= { dsliteNATBindEntry 8 }

739  dsliteNATBindSessions OBJECT-TYPE
740      SYNTAX Gauge32
741      MAX-ACCESS read-only
742      STATUS current
743      DESCRIPTION
744          " This object represents the number of sessions currently
745          using this BIND."
746      ::= { dsliteNATBindEntry 9 }

748  dsliteNATBindMaxIdleTime OBJECT-TYPE
749      SYNTAX TimeTicks
750      MAX-ACCESS read-only
751      STATUS current
752      DESCRIPTION
753          "This object indicates the maximum time for
754          which this bind can be idle without any sessions
755          attached to it."
756      ::= { dsliteNATBindEntry 10 }

758  dsliteNATBindCurrentIdleTime OBJECT-TYPE
759      SYNTAX TimeTicks
760      MAX-ACCESS read-only
761      STATUS current
762      DESCRIPTION
763          "At any given instance, this object indicates the
764          time that this bind has been idle without any sessions
765          attached to it."
766      ::= { dsliteNATBindEntry 11 }

768  dsliteNATBindInTranslates OBJECT-TYPE
769      SYNTAX Counter64
770      MAX-ACCESS read-only
771      STATUS current
772      DESCRIPTION
773          "The number of inbound packets that were
774          translated as per this bind entry."
775      ::= { dsliteNATBindEntry 12 }

777  dsliteNATBindOutTranslates OBJECT-TYPE
778      SYNTAX Counter64
779      MAX-ACCESS read-only
780      STATUS current
781      DESCRIPTION
782          "The number of outbound packets that were
783          translated as per this bind entry."
784      ::= { dsliteNATBindEntry 13 }

786  --dsliteInfo

788  dsliteSessionLimitTable OBJECT-TYPE
789      SYNTAX SEQUENCE OF DsliteSessionLimitEntry
790      MAX-ACCESS not-accessible
791      STATUS current
792      DESCRIPTION
793          "The (conceptual) table containing information about session
794          limit. It can also be used for row creation."
795      ::= { dsliteInfo 1 }

797  dsliteSessionLimitEntry OBJECT-TYPE
798      SYNTAX DsliteSessionLimitEntry
799      MAX-ACCESS not-accessible
800      STATUS current
801      DESCRIPTION
802          "Each entry in this table contains the information to be
803          used for configuring session limits for DS-lite."
804      INDEX { dsliteSessionLimitInstanceName,
805              dsliteSessionLimitType }
806      ::= { dsliteSessionLimitTable 1 }

808  DsliteSessionLimitEntry ::=
809      SEQUENCE {
810          dsliteSessionLimitInstanceName DisplayString,
811          dsliteSessionLimitType INTEGER,
812          dsliteSessionLimitNumber Integer32
813      }

815  dsliteSessionLimitInstanceName OBJECT-TYPE
816      SYNTAX DisplayString (SIZE (1..31))
817      MAX-ACCESS not-accessible
818      STATUS current
819      DESCRIPTION
820          " This object represents the instance name
821          that is limited."
822      ::= { dsliteSessionLimitEntry 1 }

824  dsliteSessionLimitType OBJECT-TYPE
825      SYNTAX INTEGER
826          {
827          tcp(0),
828          udp(1),
829          icmp(2),
830          total(3)
831          }
832      MAX-ACCESS not-accessible
833      STATUS current
834      DESCRIPTION
835          "This object represents the session limit type:
836          tcp or udp or totally."
837      ::= { dsliteSessionLimitEntry 2 }

839  dsliteSessionLimitNumber OBJECT-TYPE
840      SYNTAX Integer32 (1..65535)
841      MAX-ACCESS read-create
842      STATUS current
843      DESCRIPTION
844          " This table represents the limit number of the session."
845      ::= { dsliteSessionLimitEntry 3 }

847  dslitePortLimitTable OBJECT-TYPE
848      SYNTAX SEQUENCE OF DslitePortLimitEntry
849      MAX-ACCESS not-accessible
850      STATUS current
851      DESCRIPTION
852          "This table is used to configure port limits for a
853          DS-Lite instance."
854      ::= { dsliteInfo 2 }

856  dslitePortLimitEntry OBJECT-TYPE
857      SYNTAX DslitePortLimitEntry
858      MAX-ACCESS not-accessible
859      STATUS current
860      DESCRIPTION
861          "Each entry in this table contains the information to be
862          used for configuring port limits for DS-lite."
863      INDEX { dslitePortLimitInstanceName,
864              dslitePortLimitType }
865      ::= { dslitePortLimitTable 1 }

867  DslitePortLimitEntry ::=
868      SEQUENCE {
869          dslitePortLimitInstanceName DisplayString,
870          dslitePortLimitType INTEGER,
871          dslitePortLimitNumber Integer32
872      }

874  dslitePortLimitInstanceName OBJECT-TYPE
875      SYNTAX DisplayString (SIZE (1..31))
876      MAX-ACCESS not-accessible
877      STATUS current
878      DESCRIPTION
879          " This object represents the instance name
880          that is limited."
881      ::= { dslitePortLimitEntry 1 }

883  dslitePortLimitType OBJECT-TYPE
884      SYNTAX INTEGER
885          {
886          tcp(0),
887          udp(1),
888          icmp(2),
889          total(3)
890          }
891      MAX-ACCESS not-accessible
892      STATUS current
893      DESCRIPTION
894          "This object represents the port limit
895          type: tcp or udp or totally."
896      ::= { dslitePortLimitEntry 2 }

898  dslitePortLimitNumber OBJECT-TYPE
899      SYNTAX Integer32 (1..300000)
900      MAX-ACCESS read-create
901      STATUS current
902      DESCRIPTION
903          "This object represents the limit number of the
904          port usage."
905          ::= { dslitePortLimitEntry 3 }

907      dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 3 }

909      dsliteAFTRAlarmB4Addr OBJECT-TYPE
910          SYNTAX DisplayString
911          MAX-ACCESS accessible-for-notify
912          STATUS current
913          DESCRIPTION
914              "This object indicates the IP address of
915               the B4 that sends the alarm."
916          ::= { dsliteAFTRAlarmScalar 1 }

918      dsliteAFTRAlarmProtocolType OBJECT-TYPE
919          SYNTAX DisplayString
920          MAX-ACCESS accessible-for-notify
921          STATUS current
922          DESCRIPTION
923              "This object indicates the protocol type of the alarm,
924               0:tcp,1:udp,2:icmp,3:total"
925          ::= { dsliteAFTRAlarmScalar 2 }

927      dsliteAFTRAlarmMapAddrName OBJECT-TYPE
928          SYNTAX DisplayString
929          MAX-ACCESS accessible-for-notify
930          STATUS current
931          DESCRIPTION
932              "This object indicates the name of dsliteNATMapAddrName"
933          ::= { dsliteAFTRAlarmScalar 3 }

935      dsliteAFTRAlarmSpecificIP OBJECT-TYPE
936          SYNTAX DisplayString
937          MAX-ACCESS accessible-for-notify
938          STATUS current
939          DESCRIPTION
940              "This object indicates the IP address whose port usage
941               reaches the threshold."
942          ::= { dsliteAFTRAlarmScalar 4 }

944      dsliteAFTRAlarmConnectNumber OBJECT-TYPE
945          SYNTAX Integer32 (60..90)
946          MAX-ACCESS read-write
947          STATUS current
948          DESCRIPTION
949              "This object indicates the threshold of DS-Lite
950               connections alarm."
951          ::= { dsliteAFTRAlarmScalar 5 }

953      dsliteStatisticTable OBJECT-TYPE
954          SYNTAX SEQUENCE OF DsliteStatisticEntry
955          MAX-ACCESS not-accessible
956          STATUS current
957          DESCRIPTION
958              "This table provides statistical information
959               of DS-Lite."
960          ::= { dsliteInfo 4 }

962      dsliteStatisticEntry OBJECT-TYPE
963          SYNTAX DsliteStatisticEntry
964          MAX-ACCESS not-accessible
965          STATUS current
966          DESCRIPTION
967              "This table provides statistical information
968               of DS-Lite."
969          INDEX { dsliteStatisticInstanceName }
970          ::= { dsliteStatisticTable 1 }

972      DsliteStatisticEntry ::=
973          SEQUENCE {
974              dsliteStatisticInstanceName DisplayString,
975              dsliteStatisticDiscard      Counter64,
976              dsliteStatisticReceived     Counter64,
977              dsliteStatisticTransmitted  Counter64,
978              dsliteStatisticIpv4Session  Counter64,
979              dsliteStatisticIpv6Session  Counter64
980          }

982      dsliteStatisticInstanceName OBJECT-TYPE
983          SYNTAX DisplayString (SIZE (1..31))
984          MAX-ACCESS not-accessible
985          STATUS current
986          DESCRIPTION
987              "This object indicates the instance name
988               that is limited."
989          ::= { dsliteStatisticEntry 1 }

991      dsliteStatisticDiscard OBJECT-TYPE
992          SYNTAX Counter64
993          MAX-ACCESS read-only
994          STATUS current
995          DESCRIPTION
996              "This object indicates the number of
997               discarded packets."
998          ::= { dsliteStatisticEntry 2 }

1000     dsliteStatisticReceived OBJECT-TYPE
1001         SYNTAX Counter64
1002         MAX-ACCESS read-only
1003         STATUS current
1004         DESCRIPTION
1005             "This object indicates the number of
1006              received packets."
1007         ::= { dsliteStatisticEntry 3 }

1009     dsliteStatisticTransmitted OBJECT-TYPE
1010         SYNTAX Counter64
1011         MAX-ACCESS read-only
1012         STATUS current
1013         DESCRIPTION
1014             "This object indicates the number of
1015              transmitted packets."
1016         ::= { dsliteStatisticEntry 4 }

1018     dsliteStatisticIpv4Session OBJECT-TYPE
1019         SYNTAX Counter64
1020         MAX-ACCESS read-only
1021         STATUS current
1022         DESCRIPTION
1023             "This object indicates the number of
1024              current IPv4 sessions."
1025         ::= { dsliteStatisticEntry 5 }

1027     dsliteStatisticIpv6Session OBJECT-TYPE
1028         SYNTAX Counter64
1029         MAX-ACCESS read-only
1030         STATUS current
1031         DESCRIPTION
1032             "This object indicates the number of
1033              current IPv6 sessions."
1034         ::= { dsliteStatisticEntry 6 }

1036     ---dslite trap
1037     dsliteTunnelNumAlarm NOTIFICATION-TYPE
1038         STATUS current
1039         DESCRIPTION
1040             "This trap is triggered when the number of dslite
1041              tunnels reaches the threshold."
1042         ::= { dsliteTraps 1 }

1044     dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
1045         OBJECTS { dsliteAFTRAlarmProtocolType,
1046                   dsliteAFTRAlarmB4Addr }
1047         STATUS current
1048         DESCRIPTION
1049             "This trap is triggered when the sessions of
1050              a user reach the threshold."
1051         ::= { dsliteTraps 2 }

1053     dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
1054         OBJECTS { dsliteAFTRAlarmMapAddrName,
1055                   dsliteAFTRAlarmSpecificIP }
1056         STATUS current
1057         DESCRIPTION
1058             "This trap is triggered when the used NAT
1059              ports of a map address reach the threshold."
1060         ::= { dsliteTraps 3 }

1062     --Module Conformance statement

1064     dsliteConformance OBJECT IDENTIFIER
1065         ::= { dsliteMIB 3 }

1067     dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

1069     dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

1071     -- compliance statements

1073     dsliteCompliance MODULE-COMPLIANCE
1074         STATUS current
1075         DESCRIPTION
1076             "Describes the minimal requirements for conformance
1077              to the DS-Lite MIB."
1078         MODULE -- this module
1079         MANDATORY-GROUPS { dsliteNATMapGroup,dsliteNATBindGroup,
1080                  dsliteTunnelGroup, dsliteSessionLimitGroup,
1081                  dslitePortLimitGroup, dsliteStatisticGroup,
1082                  dsliteTrapsGroup,dsliteAFTRAlarmScalarGroup }
1083         ::= { dsliteCompliances 1 }

1085     dsliteNATMapGroup OBJECT-GROUP
1086         OBJECTS {
1087             dsliteNATMapLocalAddrFromType,
1088             dsliteNATMapLocalAddrFrom,
1089             dsliteNATMapLocalAddrTo, dsliteNATMapLocalAddrToType,
1090             dsliteNATMapLocalPortFrom,
1091             dsliteNATMapLocalPortTo, dsliteNATMapGlobalAddrFrom,
1092             dsliteNATMapGlobalAddrFromType,
1093             dsliteNATMapGlobalAddrTo,
1094             dsliteNATMapGlobalAddrToType,
1095             dsliteNATMapGlobalPortFrom,
1096             dsliteNATMapGlobalPortTo, dsliteNATMapAddrUsed }
1097         STATUS current
1098         DESCRIPTION
1099             "This collection of objects is used to give the
1100              information about NAT address mapping."
1101         ::= { dsliteGroups 1 }

1103     dsliteTunnelGroup OBJECT-GROUP
1104         OBJECTS { dsliteTunnelStartAddressType,
1105                   dsliteTunnelStartAddPreLen,
1106                   dsliteTunnelEndAddressType }
1107         STATUS current
1108         DESCRIPTION
1109             "This collection of objects is used to give the
1110              information about tunnels in ds-lite."
1111         ::= { dsliteGroups 2 }

1113     dsliteNATBindGroup OBJECT-GROUP
1114         OBJECTS {
1115             dsliteNATBindLocalAddrType,
1116             dsliteNATBindGlobalAddrType,
1117             dsliteNATBindGlobalAddr,
1118             dsliteNATBindGlobalPort,
1119             dsliteNATBindId,
1120             dsliteNATBindMapIndex,
1121             dsliteNATBindSessions,
1122             dsliteNATBindMaxIdleTime,
1123             dsliteNATBindCurrentIdleTime,
1124             dsliteNATBindInTranslates,
1125             dsliteNATBindOutTranslates }
1126         STATUS current
1127         DESCRIPTION
1128             "This collection of objects is used to give the
1129              information about NAT Bind."
1130         ::= { dsliteGroups 3 }

1132     dsliteSessionLimitGroup OBJECT-GROUP
1133         OBJECTS { dsliteSessionLimitNumber }
1134         STATUS current
1135         DESCRIPTION
1136             "This collection of objects is used to give the
1137              information about session limit."
1138         ::= { dsliteGroups 4 }

1140     dslitePortLimitGroup OBJECT-GROUP
1141         OBJECTS { dslitePortLimitNumber }
1142         STATUS current
1143         DESCRIPTION
1144             "This collection of objects is used to give the
1145              information about port limit."
1146         ::= { dsliteGroups 5 }

1148     dsliteStatisticGroup OBJECT-GROUP
1149         OBJECTS { dsliteStatisticDiscard,
1150                   dsliteStatisticReceived,
1151                   dsliteStatisticTransmitted,
1152                   dsliteStatisticIpv4Session,
1153                   dsliteStatisticIpv6Session }
1154         STATUS current
1155         DESCRIPTION
1156             "This collection of objects is used to give the
1157              statistical information of ds-lite."
1158         ::= { dsliteGroups 6 }

1160     dsliteTrapsGroup NOTIFICATION-GROUP
1161         NOTIFICATIONS { dsliteTunnelNumAlarm,
1162                         dsliteAFTRUserSessionNumAlarm,
1163                         dsliteAFTRPortUsageOfSpecificIpAlarm }
1164         STATUS current
1165         DESCRIPTION
1166             "This collection of objects is used to give the
1167              trap information of ds-lite."
1168         ::= { dsliteGroups 7 }

1170     dsliteAFTRAlarmScalarGroup OBJECT-GROUP
1171         OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
1172                   dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
1173                   dsliteAFTRAlarmConnectNumber }

1175         STATUS current
1176         DESCRIPTION
1177             "This collection of objects is used to give the
1178              information about AFTR alarming Scalar."
1179         ::= { dsliteGroups 8 }

1181     END

1183  9. Extending this MIB for Gateway Initiated Dual-Stack Lite

1185     Similar to DS-lite, GI-DS-lite enables the service provider to
1186     share public IPv4 addresses among different customers by combining
1187     tunneling and NAT. GI-DS-lite extends existing access tunnels
1188     beyond the access gateway to an IPv4-IPv4 NAT using softwires with
1189     an embedded context identifier that uniquely identifies the end host
1190     the tunneled packets belong to. The MIB defined in this document can
1191     easily be extended for use in the GI-DS-Lite scenario. A new object
1192     for the CID SHOULD be added to the dsliteTunnelTable, and a new
1193     object, dsliteTunnelID, can be defined in the DS-Lite MIB as the SWID
1194     in GI-DS-Lite. Both CID and SWID SHOULD be added to the
1195     dsliteNATBindTable. The combination of CID and SWID will be used as
1196     the unique identifier for the end host and stored in the NAT binding entry.

1198  10. IANA Considerations

1200     The MIB module in this document uses the following IANA-assigned
1201     OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
1202     the following IANA-assigned tunnelType values recorded in the
1203     IANAtunnelType-MIB registry:

1205        Descriptor        OBJECT IDENTIFIER value
1206        ----------        -----------------------
1207        DSLite-MIB        { transmission XXX }

1209     IANAtunnelType ::= TEXTUAL-CONVENTION

1211         SYNTAX INTEGER {

1213             dsLite ("XX") -- dslite tunnel

1215         }

1217     Note: Appendix A of the IP Tunnel MIB [RFC4087] has already
1218     assigned the value direct(2) to indicate that the tunnel type is
1219     IP in IP, but it is still difficult to distinguish DS-Lite tunnel
1220     packets from normal IP in IP tunnel packets in the scenario
1221     where the AFTR connects to both the DS-lite tunnel and the IP in
1222     IP tunnel.

1224  11. Security Considerations

1226     The DS-Lite MIB module can be used for configuration of certain
1227     objects, and anything that can be configured can be incorrectly
1228     configured, with potentially disastrous results. Because this MIB
1229     module reuses the IP tunnel MIB and NAT MIB, the security
1230     considerations for these MIBs are also applicable to the DS-Lite MIB.

1232     Unauthorized read access to dsliteTunnelEndAddress, or to any object
1233     in the dsliteBindRelationTable or dslitePortBindRelationTable, would
1234     reveal mapping information.

1236     SNMP versions prior to SNMPv3 did not include adequate security.
1237     Even if the network itself is secure (for example by using IPsec),
1238     there is no control as to who on the secure network is
1239     allowed to access and GET/SET (read/change/create/delete) the objects
1240     in this MIB module.

1242     It is RECOMMENDED that implementers consider the security features as
1243     provided by the SNMPv3 framework (see [RFC3410], section 8),
1244     including full support for the SNMPv3 cryptographic mechanisms (for
1245     authentication and privacy).
1247     Further, deployment of SNMP versions prior to SNMPv3 is NOT
1248     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
1249     enable cryptographic security. It is then a customer/operator
1250     responsibility to ensure that the SNMP entity giving access to an
1251     instance of this MIB module is properly configured to give access to
1252     the objects only to those principals (users) that have legitimate
1253     rights to indeed GET or SET (change/create/delete) them.

1255  12. References

1257  12.1. Normative References

1259     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
1260               Requirement Levels", BCP 14, RFC 2119, March 1997.

1262     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1263               "Structure of Management Information Version 2 (SMIv2)",
1264               RFC 2578, April 1999.

1266     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
1267               Conventions for SMIv2", RFC 2579, April 1999.

1269     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
1270               "Conformance Statements for SMIv2", RFC 2580, April 1999.

1272     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
1273               MIB", RFC 2863, June 2000.

1275     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
1276               Architecture for Describing Simple Network Management
1277               Protocol (SNMP) Management Frameworks", RFC 3411, December
1278               2002.

1280     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
1281               Schoenwaelder, "Textual Conventions for Internet Network
1282               Addresses", RFC 4001, February 2005.

1284     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
1285               Wang, C., "Definitions of Managed Objects for Network
1286               Address Translators (NAT)", RFC 4008, March 2005.

1288     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

1290     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
1291               "Dual-Stack Lite Broadband Deployments Following IPv4
1292               Exhaustion", RFC 6333, August 2011.
1294     [RFC6674] Brockners, F., Gundavelli, S., Speicher, S., Ward, D.,
1295               "Gateway-Initiated Dual-Stack Lite Deployment", RFC 6674,
1296               July 2012.

1298  12.2. Informative References

1300     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
1301               "Introduction and Applicability Statements for
1302               Internet-Standard Management Framework", RFC 3410, December 2002.

1304  Authors' Addresses

1306     Yu Fu
1307     Huawei Technologies Co., Ltd
1308     Huawei Building, 156 Beiqing Rd.,
1309     Hai-Dian District, Beijing 100095
1310     P.R. China
1311     Email: eleven.fuyu@huawei.com

1313     Sheng Jiang
1314     Huawei Technologies Co., Ltd
1315     Huawei Building, 156 Beiqing Rd.,
1316     Hai-Dian District, Beijing 100095
1317     P.R. China
1318     Email: jiangsheng@huawei.com

1320     Jiang Dong
1321     Tsinghua University
1322     Department of Computer Science, Tsinghua University
1323     Beijing 100084
1324     P.R. China
1325     Email: knight.dongjiang@gmail.com

1327     Yuchi Chen
1328     Tsinghua University
1329     Department of Computer Science, Tsinghua University
1330     Beijing 100084
1331     P.R. China
1332     Email: flashfoxmx@gmail.com
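
Section 11 notes that objects in this module can be configured, with potentially disastrous results if done incorrectly. The following is an added example, not part of the draft: it parses an excerpt of the module text to list the objects an SNMP SET can change and checks a proposed value against the declared range. The function names and the trimmed excerpt are constructed for illustration.

```python
import re

# Excerpt of the module above, trimmed to the clauses the parser reads
# (idnits line numbers, STATUS, DESCRIPTION and OID assignments removed).
MIB_EXCERPT = """
dsliteSessionLimitNumber OBJECT-TYPE
    SYNTAX Integer32 (1..65535)
    MAX-ACCESS read-create
dslitePortLimitNumber OBJECT-TYPE
    SYNTAX Integer32 (1..300000)
    MAX-ACCESS read-create
dsliteAFTRAlarmB4Addr OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS accessible-for-notify
dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
dsliteStatisticDiscard OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS read-only
"""

# name, base syntax, optional (low..high) range, MAX-ACCESS value
OBJECT_RE = re.compile(
    r"(\w+)\s+OBJECT-TYPE\s+SYNTAX\s+(\w+)\s*(?:\((-?\d+)\.\.(-?\d+)\))?"
    r".*?MAX-ACCESS\s+([\w-]+)", re.S)
WRITABLE = {"read-write", "read-create"}

def parse_objects(mib_text):
    """Return {name: (syntax, (low, high) or None, max_access)}."""
    objects = {}
    for name, syntax, low, high, access in OBJECT_RE.findall(mib_text):
        objects[name] = (syntax, (int(low), int(high)) if low else None, access)
    return objects

def writable_objects(mib_text):
    """Names of the objects an SNMP SET can change or create."""
    return sorted(name for name, (_, _, access) in parse_objects(mib_text).items()
                  if access in WRITABLE)

def set_allowed(mib_text, name, value):
    """True only if `name` is writable and `value` fits its declared range."""
    syntax, rng, access = parse_objects(mib_text).get(name, (None, None, None))
    if access not in WRITABLE:
        return False
    return rng is None or rng[0] <= value <= rng[1]

if __name__ == "__main__":
    print(writable_objects(MIB_EXCERPT))
```

The three names it returns are the objects whose write access an operator has to restrict to authorized SNMPv3 principals.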