idnits 2.17.1

draft-ietf-softwire-dslite-mib-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 1 character in excess of 72.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to use 'NOT RECOMMENDED' as an RFC 2119 keyword, but
     does not include the phrase in its RFC 2119 key words list.

  -- The document date (November 4, 2013) is 3823 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC 6333' is mentioned on line 76, but not defined

  == Missing Reference: 'I-D.ietf-behave-nat-mib' is mentioned on line 183,
     but not defined

  == Missing Reference: 'RFC4787' is mentioned on line 545, but not defined

  == Missing Reference: 'RFC3414' is mentioned on line 860, but not defined

  == Missing Reference: 'RFC3826' is mentioned on line 860, but not defined

  == Missing Reference: 'RFC5591' is mentioned on line 862, but not defined

  == Missing Reference: 'RFC5592' is mentioned on line 862, but not defined

  == Missing Reference: 'RFC6353' is mentioned on line 863, but not defined

  == Unused Reference: 'RFC6674' is defined on line 913, but no explicit
     reference was found in the text

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

     Summary: 2 errors (**), 0 flaws (~~), 11 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

1  Softwire                                                          Y. Fu
2  Internet Draft                                                 S. Jiang
3  Intended status: Standards Track           Huawei Technologies Co., Ltd
4  Expires: May 08, 2014                                           J. Dong
5                                                                  Y. Chen
6                                                      Tsinghua University
7                                                         November 4, 2013

9               DS-Lite Management Information Base (MIB)
10                  draft-ietf-softwire-dslite-mib-04

12  Status of this Memo

14     This Internet-Draft is submitted in full conformance with the
15     provisions of BCP 78 and BCP 79.

17     Internet-Drafts are working documents of the Internet Engineering
18     Task Force (IETF). Note that other groups may also distribute working
19     documents as Internet-Drafts. The list of current Internet-Drafts is
20     at http://datatracker.ietf.org/drafts/current/.

22     Internet-Drafts are draft documents valid for a maximum of six months
23     and may be updated, replaced, or obsoleted by other documents at any
24     time. It is inappropriate to use Internet-Drafts as reference
25     material or to cite them other than as "work in progress."

27     This Internet-Draft will expire on May 08, 2014.

29  Copyright Notice

31     Copyright (c) 2013 IETF Trust and the persons identified as the
32     document authors. All rights reserved.

34     This document is subject to BCP 78 and the IETF Trust's Legal
35     Provisions Relating to IETF Documents
36     (http://trustee.ietf.org/license-info) in effect on the date of
37     publication of this document. Please review these documents
38     carefully, as they describe your rights and restrictions with respect
39     to this document. Code Components extracted from this document must
40     include Simplified BSD License text as described in Section 4.e of
41     the Trust Legal Provisions and are provided without warranty as
42     described in the Simplified BSD License.

44  Abstract

46     This memo defines a portion of the Management Information Base (MIB) for
47     use with network management protocols in the Internet community. In
48     particular, it defines managed objects for Dual-Stack Lite (DS-Lite).

50  Table of Contents

52     1. Introduction
53     2. The Internet-Standard Management Framework
54     3. Terminology
55     4. Relationship to the IF-MIB
56     5. Difference from the IP tunnel MIB and NAT MIB
57     6. Structure of the MIB Module
58        6.1. The Object Group
59           6.1.1. The dsliteTunnel Subtree
60           6.1.2. The dsliteNAT Subtree
61           6.1.3. The dsliteInfo Subtree
62        6.2. The Notification Group
63           6.2.1. The dsliteTrap Subtree
64        6.3. The Conformance Group
65     7. MIB modules required for IMPORTS
66     8. Definitions
67     9. IANA Considerations
68     10. Security Considerations
69     11. References
70        11.1. Normative References
71        11.2. Informative References
72     Author's Addresses

74  1. Introduction

76     Dual-Stack Lite [RFC 6333] is a solution to offer both IPv4 and IPv6
77     connectivity to customers crossing an IPv6 only infrastructure. One
78     of its key components is an IPv4-over-IPv6 tunnel, which is used to
79     provide IPv4 connectivity across a service provider's IPv6 network.
80     Another key component is a carrier-grade IPv4-IPv4 Network Address
81     Translation (NAT) to share service provider IPv4 addresses among
82     customers.

84     This document defines a portion of the Management Information Base
85     (MIB) for use with network management protocols in the Internet
86     community. This MIB module may be used for configuring and
87     monitoring devices in a Dual-Stack Lite scenario.

89  2. The Internet-Standard Management Framework

91     For a detailed overview of the documents that describe the current
92     Internet-Standard Management Framework, please refer to section 7 of
93     RFC 3410 [RFC3410].

95     Managed objects are accessed via a virtual information store, termed
96     the Management Information Base or MIB. MIB objects are generally
97     accessed through the Simple Network Management Protocol
98     (SNMP). Objects in the MIB are defined using the mechanisms defined in
99     the Structure of Management Information (SMI). This memo specifies a
100     MIB module that is compliant to the SMIv2, which is described in STD
101     58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579] and STD 58, RFC
102     2580 [RFC2580].

104  3. Terminology

106     The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
107     "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
108     document are to be interpreted as described in BCP 14, RFC2119
109     [RFC2119].

111  4. Relationship to the IF-MIB

113     The Interfaces MIB [RFC2863] defines generic managed objects for
114     managing interfaces. Each logical interface (physical or virtual) has
115     an ifEntry. Tunnels are handled by creating a logical interface
116     (ifEntry) for each tunnel. Each DS-Lite tunnel also acts as a virtual
117     interface, which has a corresponding entry in the IP Tunnel MIB and
118     Interface MIB. Those corresponding entries are indexed by ifIndex.

120     The ifOperStatus in ifTable is used to represent whether the
121     DS-Lite tunnel function has been originated. The ifInUcastPkts
122     defined in ifTable will represent the number of IPv4 packets that
123     have been encapsulated into IPv6 packets sent to a B4. The
124     ifOutUcastPkts defined in ifTable contains the number of IPv6 packets
125     that can be decapsulated to IPv4 in the virtual interface. Also, the
126     IF-MIB defines ifMtu for the MTU of this tunnel interface, so DS-Lite
127     MIB does not need to define the MTU for the tunnel.

129  5. Difference from the IP tunnel MIB and NAT MIB

131     The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnels
132     and NAT (IPv4 to IPv4 translation).

134     Notes: According to section 5.2 of RFC 6333 [RFC6333], DS-Lite only
135     defines IPv4 in IPv6 tunnels at this moment, but other types of
136     encapsulation could be defined in the future. So this DS-Lite MIB
137     only supports IP in IP encapsulation. If another RFC defines other
138     tunnel types in the future, this DS-Lite MIB will be updated then.

140     The NAT MIB [I-D.ietf-behave-nat-mib] is designed to carry translation
141     from any address family to any address family, therefore it supports
142     IPv4 to IPv4 translation.

144     The IP Tunnel MIB [RFC4087] is designed for managing tunnels of any
145     type over IPv4 and IPv6 networks, therefore it supports IP in IP
146     tunnels.

148     However, the NAT MIB and IP Tunnel MIB together are not sufficient to
149     support DS-Lite. This document describes the specific MIB
150     requirements for DS-Lite, as below.

152        In a DS-Lite scenario, the tunnel type is IP in IP, more
153        precisely, IPv4 in IPv6. Therefore, it is unnecessary to
154        describe tunnel type in DS-Lite MIB.

156        In a DS-Lite scenario, the translation type is IPv4 private
157        address to IPv4 public address. Therefore, it is unnecessary to
158        describe the type of address in the corresponding
159        tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
160        which are defined in the IP Tunnel MIB for DS-Lite MIB.

162        In a DS-Lite scenario, the AFTR is not only the tunnel end
163        concentrator, but also a 4-4 translator. Within the Address
164        Family Transition Router (AFTR), tunnel information and
165        translation information MUST be mapped to each other. But the
166        tunnel entry defined in the IP Tunnel MIB and the NAT mapping
167        entry defined in the NAT MIB are not able to reflect this
168        mapping relationship. Therefore, a combined MIB is necessary.

170     The implementation of the IP Tunnel MIB is required for DS-Lite. The
171     tunnelIfEncapsMethod in the tunnelIfEntry should be set to
172     dsLite("xx"), and a corresponding entry in the DS-Lite module will
173     exist for every tunnelIfEntry with this tunnelIfEncapsMethod. The
174     tunnelIfRemoteInetAddress must be set to "::".

176  6. Structure of the MIB Module

178     The DS-Lite MIB provides a way to monitor and manage the devices
179     (AFTRs) in a DS-Lite scenario through SNMP.

181     The DS-Lite MIB is configurable on a per-interface basis. It depends
182     on several parts of the IF-MIB [RFC2863], IP Tunnel MIB [RFC4087],
183     and NAT MIB [I-D.ietf-behave-nat-mib].

185  6.1. The Object Group

187     This Group defines objects that are needed for DS-Lite MIB.

189  6.1.1. The dsliteTunnel Subtree

191     The dsliteTunnel subtree describes managed objects used for managing
192     tunnels in the DS-Lite scenario. Because some objects defined in the
193     IP Tunnel MIB are "not-accessible", a few new objects are defined in
194     DS-Lite MIB.

196  6.1.2. The dsliteNAT Subtree

198     The dsliteNAT subtree describes managed objects used for
199     configuration as well as monitoring of an AFTR which is capable of a NAT
200     function. Because the NAT MIB supports the NAT management function in
201     DS-Lite, we may reuse it in DS-Lite MIB. The dsliteNAT subtree also
202     provides the mapping relationship between the tunnel
203     entry and NAT entry by extending the natMappingTableEntry in the
204     NAT MIB with the IPv6 address of the B4.

206  6.1.3. The dsliteInfo Subtree

208     The dsliteInfo subtree provides statistical information for DS-Lite.

210  6.2. The Notification Group

212     This group defines some notification objects for DS-Lite.

214  6.2.1. The dsliteTrap Subtree

216     The dsliteTrap subtree provides trap information in a DS-Lite scenario.

218  6.3. The Conformance Group

220     The dsliteConformance subtree provides conformance information of MIB
221     objects.

223  7. MIB modules required for IMPORTS

225     This MIB module IMPORTs objects from [RFC4008], [RFC2580], [RFC2578],
226     [RFC2863], [RFC4001], [RFC3411].

228  8. Definitions

230     DSLite-MIB DEFINITIONS ::= BEGIN

232     IMPORTS
233         MODULE-IDENTITY, OBJECT-TYPE, transmission,
234         NOTIFICATION-TYPE, Gauge32, TimeTicks,
235         Integer32, Counter64, Unsigned32
236             FROM SNMPv2-SMI

238         OBJECT-GROUP, MODULE-COMPLIANCE,
239         NOTIFICATION-GROUP
240             FROM SNMPv2-CONF

242         DisplayString
243             FROM SNMPv2-TC

245         SnmpAdminString
246             FROM SNMP-FRAMEWORK-MIB

248         ifIndex
249             FROM IF-MIB

251         InetAddress, InetAddressType, InetAddressPrefixLength,
252         InetPortNumber
253             FROM INET-ADDRESS-MIB

255         ProtocolNumber, NatBehaviorType,
256         NatPoolingType, SubscriberIdentifier
257             FROM NAT-MIB;

259     dsliteMIB MODULE-IDENTITY
260         LAST-UPDATED "201311040000Z" -- November 04, 2013
261         ORGANIZATION "IETF Softwire Working Group"
262         CONTACT-INFO
263             "Yu Fu
264              Huawei Technologies Co., Ltd
265              Huawei Building, 156 Beiqing Rd., Hai-Dian District
266              Beijing, P.R. China 100095
267              EMail: eleven.fuyu@huawei.com

269              Sheng Jiang
270              Huawei Technologies Co., Ltd
271              Huawei Building, 156 Beiqing Rd., Hai-Dian District
272              Beijing, P.R. China 100095
273              EMail: jiangsheng@huawei.com

275              Jiang Dong
276              Tsinghua University
277              Department of Computer Science, Tsinghua University
278              Beijing 100084
279              P.R. China
280              Email: knight.dongjiang@gmail.com

282              Yuchi Chen
283              Tsinghua University
284              Department of Computer Science, Tsinghua University
285              Beijing 100084
286              P.R. China
287              Email: flashfoxmx@gmail.com "

289         DESCRIPTION
290             "The MIB module is defined for management of objects in the
291              DS-Lite scenario.
292              Copyright (C) The Internet Society (2013). This version
293              of this MIB module is part of RFC yyyy; see the RFC itself
294              for full legal notices. "
295         REVISION "201311040000Z"
296         DESCRIPTION
297             "Initial version. Published as RFC xxxx."
298         --RFC Ed.: RFC Editor, please fill in xxxx
299         ::= { transmission xxx }
300         --RFC Ed.: assigned by IANA, see section 10 for details

302     --Top level components of this MIB module

304     dsliteMIBObjects OBJECT IDENTIFIER
305         ::= { dsliteMIB 1 }

307     dsliteTunnel OBJECT IDENTIFIER
308         ::= { dsliteMIBObjects 1 }

310     dsliteNAT OBJECT IDENTIFIER
311         ::= { dsliteMIBObjects 2 }

313     dsliteInfo OBJECT IDENTIFIER
314         ::= { dsliteMIBObjects 3 }

316     --Notifications section

318     dsliteNotifications OBJECT IDENTIFIER
319         ::= { dsliteMIB 0 }

321     dsliteTraps OBJECT IDENTIFIER
322         ::= { dsliteNotifications 1 }

324     --dsliteTunnel

326     --dsliteTunnelTable

328     dsliteTunnelTable OBJECT-TYPE
329         SYNTAX SEQUENCE OF DsliteTunnelEntry
330         MAX-ACCESS not-accessible
331         STATUS current
332         DESCRIPTION
333             "The (conceptual) table containing information on configured
334              tunnels. This table can be used to map CPE address to the
335              associated AFTR address. It can also be used for row
336              creation."
337         ::= { dsliteTunnel 1 }

339     dsliteTunnelEntry OBJECT-TYPE
340         SYNTAX DsliteTunnelEntry
341         MAX-ACCESS not-accessible
342         STATUS current
343         DESCRIPTION
344             "Each entry in this table contains the information on a
345              particular configured tunnel."
346         INDEX { dsliteTunnelStartAddressType,
347                 dsliteTunnelStartAddress,
348                 dsliteTunnelEndAddress }
349         ::= { dsliteTunnelTable 1 }

351     DsliteTunnelEntry ::=
352         SEQUENCE {
353             dsliteTunnelStartAddressType   InetAddressType,
354             dsliteTunnelStartAddress       InetAddress,
355             dsliteTunnelStartAddPreLen     InetAddressPrefixLength,
356             dsliteTunnelEndAddress         InetAddress
357         }

359     dsliteTunnelStartAddressType OBJECT-TYPE
360         SYNTAX InetAddressType
361         MAX-ACCESS not-accessible
362         STATUS current
363         DESCRIPTION
364             "This object MUST be set to the value of ipv6(2).
365              It describes the address type of the IPv4-in-IPv6
366              tunnel startpoint and endpoint."
367         ::= { dsliteTunnelEntry 1 }

369     dsliteTunnelStartAddress OBJECT-TYPE
370         SYNTAX InetAddress
371         MAX-ACCESS not-accessible
372         STATUS current
373         DESCRIPTION
374             "The address of the start point of the tunnel."
375         ::= { dsliteTunnelEntry 2 }

377     dsliteTunnelEndAddress OBJECT-TYPE
378         SYNTAX InetAddress
379         MAX-ACCESS not-accessible
380         STATUS current
381         DESCRIPTION
382             "The address of the endpoint of the tunnel."
383         ::= { dsliteTunnelEntry 3 }

385     dsliteTunnelStartAddPreLen OBJECT-TYPE
386         SYNTAX InetAddressPrefixLength
387         MAX-ACCESS read-only
388         STATUS current
389         DESCRIPTION
390             "IPv6 prefix length of the IP address of the
391              start point of the tunnel."
392         ::= { dsliteTunnelEntry 4 }

394     --dsliteNAT
395     --dsliteNATMapTable(define address pool, natPoolTable and
396     --natPoolRangeTable defined in draft-ietf-behave-nat-mib
397     --are sufficient)
398     --dsliteNATBindTable(NAPT)
399     dsliteNATBindTable OBJECT-TYPE
400         SYNTAX SEQUENCE OF DsliteNATBindEntry
401         MAX-ACCESS not-accessible
402         STATUS current
403         DESCRIPTION
404             "This table contains information about currently
405              active NAT binds in AFTR. This table extends the
406              natMappingTable designed in NAT MIB
407              (draft-ietf-behave-nat-mib) by IPv6 address of B4."
408         ::= { dsliteNAT 1 }

410     dsliteNATBindEntry OBJECT-TYPE
411         SYNTAX DsliteNATBindEntry
412         MAX-ACCESS not-accessible
413         STATUS current
414         DESCRIPTION
415             "Each entry in this table holds the relationship between
416              tunnel information and nat bind information. These entries
417              are lost upon agent restart."
418         INDEX { dsliteNATBindMappingProto,
419                 dsliteNATBindMappingExtRealm,
420                 dsliteNATBindMappingExtAddressType,
421                 dsliteNATBindMappingExtAddress,
422                 dsliteNATBindMappingExtPort,
423                 dsliteTunnelStartAddress,
424                 dsliteTunnelStartAddPreLen }
425         ::= { dsliteNATBindTable 1 }

427     DsliteNATBindEntry ::=
428         SEQUENCE {
429             dsliteNATBindMappingProto            ProtocolNumber,
430             dsliteNATBindMappingExtRealm         SnmpAdminString,
431             dsliteNATBindMappingExtAddressType   InetAddressType,
432             dsliteNATBindMappingExtAddress       InetAddress,
433             dsliteNATBindMappingExtPort          InetPortNumber,
434             dsliteNATBindMappingIntRealm         SnmpAdminString,
435             dsliteNATBindMappingIntAddressType   InetAddressType,
436             dsliteNATBindMappingIntAddress       InetAddress,
437             dsliteNATBindMappingIntPort          InetPortNumber,
438             dsliteNATBindMappingPool             Unsigned32,
439             dsliteNATBindMappingMapBehavior      NatBehaviorType,
440             dsliteNATBindMappingFilterBehavior   NatBehaviorType,
441             dsliteNATBindMappingAddressPooling   NatPoolingType
442         }

444     dsliteNATBindMappingProto OBJECT-TYPE
445         SYNTAX ProtocolNumber
446         MAX-ACCESS not-accessible
447         STATUS current
448         DESCRIPTION
449             "This object specifies the mapping's transport protocol
450              number."
451         ::= { dsliteNATBindEntry 1 }

453     dsliteNATBindMappingExtRealm OBJECT-TYPE
454         SYNTAX SnmpAdminString (SIZE(0..32))
455         MAX-ACCESS not-accessible
456         STATUS current
457         DESCRIPTION
458             "The realm to which natMappingExtAddress belongs."
459         ::= { dsliteNATBindEntry 2 }

461     dsliteNATBindMappingExtAddressType OBJECT-TYPE
462         SYNTAX InetAddressType
463         MAX-ACCESS not-accessible
464         STATUS current
465         DESCRIPTION
466             "Type of the mapping's external address."
467         ::= { dsliteNATBindEntry 3 }

469     dsliteNATBindMappingExtAddress OBJECT-TYPE
470         SYNTAX InetAddress (SIZE (4|16))
471         MAX-ACCESS not-accessible
472         STATUS current
473         DESCRIPTION
474             "The mapping's external address. If this is the undefined
475              address, all external addresses are mapped to the internal
476              address."
477         ::= { dsliteNATBindEntry 4 }

479     dsliteNATBindMappingExtPort OBJECT-TYPE
480         SYNTAX InetPortNumber
481         MAX-ACCESS not-accessible
482         STATUS current
483         DESCRIPTION
484             "The mapping's external port number. If this is zero, all
485              external ports are mapped to the internal port."
486         ::= { dsliteNATBindEntry 5 }

488     dsliteNATBindMappingIntRealm OBJECT-TYPE
489         SYNTAX SnmpAdminString
490         MAX-ACCESS read-only
491         STATUS current
492         DESCRIPTION
493             "The realm to which natMappingIntAddress belongs."
494         ::= { dsliteNATBindEntry 6 }

496     dsliteNATBindMappingIntAddressType OBJECT-TYPE
497         SYNTAX InetAddressType
498         MAX-ACCESS read-only
499         STATUS current
500         DESCRIPTION
501             "Type of the mapping's internal address."
502         ::= { dsliteNATBindEntry 7 }

504     dsliteNATBindMappingIntAddress OBJECT-TYPE
505         SYNTAX InetAddress
506         MAX-ACCESS read-only
507         STATUS current
508         DESCRIPTION
509             "The mapping's internal address. If this is the undefined
510              address, addresses are not translated."
511         ::= { dsliteNATBindEntry 8 }

513     dsliteNATBindMappingIntPort OBJECT-TYPE
514         SYNTAX InetPortNumber
515         MAX-ACCESS read-only
516         STATUS current
517         DESCRIPTION
518             "The mapping's internal port number. If this is zero, ports
519              are not translated."
520         ::= { dsliteNATBindEntry 9 }

522     dsliteNATBindMappingPool OBJECT-TYPE
523         SYNTAX Unsigned32 (0|1..4294967295)
524         MAX-ACCESS read-only
525         STATUS current
526         DESCRIPTION
527             "Index of the pool that contains this mapping's external
528              address and port. If zero, no pool is associated with this
529              mapping."
530         ::= { dsliteNATBindEntry 10 }

532     dsliteNATBindMappingMapBehavior OBJECT-TYPE
533         SYNTAX NatBehaviorType
534         MAX-ACCESS read-only
535         STATUS current
536         DESCRIPTION
537             "Mapping behavior as described in [RFC4787] section 4.1."
538         ::= { dsliteNATBindEntry 11 }

540     dsliteNATBindMappingFilterBehavior OBJECT-TYPE
541         SYNTAX NatBehaviorType
542         MAX-ACCESS read-only
543         STATUS current
544         DESCRIPTION
545             "Filtering behavior as described in [RFC4787] section 5." ::=
546         { dsliteNATBindEntry 12 }

548     dsliteNATBindMappingAddressPooling OBJECT-TYPE
549         SYNTAX NatPoolingType
550         MAX-ACCESS read-only
551         STATUS current
552         DESCRIPTION
553             "Type of address pooling behavior that was used to create
554              this mapping."
555         ::= { dsliteNATBindEntry 13 }

557     --dsliteInfo

559     dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 1 }

561     dsliteAFTRAlarmB4Addr OBJECT-TYPE
562         SYNTAX InetAddress
563         MAX-ACCESS accessible-for-notify
564         STATUS current
565         DESCRIPTION
566             "This object indicates the IP address of the
567              B4 that sends the alarm."
568         ::= { dsliteAFTRAlarmScalar 1 }

570     dsliteAFTRAlarmProtocolType OBJECT-TYPE
571         SYNTAX DisplayString
572         MAX-ACCESS accessible-for-notify
573         STATUS current
574         DESCRIPTION
575             "This object indicates the protocol type of the alarm,
576              0:tcp,1:udp,2:icmp,3:total "
577         ::= { dsliteAFTRAlarmScalar 2 }

579     dsliteAFTRAlarmMapAddrName OBJECT-TYPE
580         SYNTAX DisplayString
581         MAX-ACCESS accessible-for-notify
582         STATUS current
583         DESCRIPTION
584             "This object indicates the name of dsliteNATMapAddrName "
585         ::= { dsliteAFTRAlarmScalar 3 }

587     dsliteAFTRAlarmSpecificIP OBJECT-TYPE
588         SYNTAX InetAddress
589         MAX-ACCESS accessible-for-notify
590         STATUS current
591         DESCRIPTION
592             "This object indicates the IP address whose port usage
593              reaches the threshold."
594         ::= { dsliteAFTRAlarmScalar 4 }

596     dsliteAFTRAlarmConnectNumber OBJECT-TYPE
597         SYNTAX Integer32 (60..90)
598         MAX-ACCESS read-write
599         STATUS current
600         DESCRIPTION
601             "This object indicates the threshold of the DS-Lite
602              connections alarm."
603         ::= { dsliteAFTRAlarmScalar 5 }

605     dsliteStatisticTable OBJECT-TYPE
606         SYNTAX SEQUENCE OF DsliteStatisticEntry
607         MAX-ACCESS not-accessible
608         STATUS current
609         DESCRIPTION
610             "This table provides statistical information
611              of DS-Lite."
612         ::= { dsliteInfo 2 }

614     dsliteStatisticEntry OBJECT-TYPE
615         SYNTAX DsliteStatisticEntry
616         MAX-ACCESS not-accessible
617         STATUS current
618         DESCRIPTION
619             "This table provides statistical information
620              of DS-Lite."
621         INDEX { dsliteStatisticSubscriberIdentifier }
622         ::= { dsliteStatisticTable 1 }

624     DsliteStatisticEntry ::=
625         SEQUENCE {
626             dsliteStatisticSubscriberIdentifier   SubscriberIdentifier,
627             dsliteStatisticDiscard                Counter64,
628             dsliteStatisticTransmitted            Counter64,
629             dsliteStatisticIpv4Session            Counter64,
630             dsliteStatisticIpv6Session            Counter64
631         }

633     dsliteStatisticSubscriberIdentifier OBJECT-TYPE
634         SYNTAX SubscriberIdentifier (SIZE (3|4|16))
635         MAX-ACCESS not-accessible
636         STATUS current
637         DESCRIPTION
638             "This object indicates the address used for uniquely
639              identifying the subscriber. It is the IPv6 address
640              of B4 in DS-Lite."
641         ::= { dsliteStatisticEntry 1 }

643     dsliteStatisticDiscard OBJECT-TYPE
644         SYNTAX Counter64
645         MAX-ACCESS read-only
646         STATUS current
647         DESCRIPTION
648             "This object indicates the number of packets
649              discarded from this subscriber."
650         ::= { dsliteStatisticEntry 2 }

652     dsliteStatisticTransmitted OBJECT-TYPE
653         SYNTAX Counter64
654         MAX-ACCESS read-only
655         STATUS current
656         DESCRIPTION
657             "This object indicates the number of packets received
658              from or sent to this subscriber."
659         ::= { dsliteStatisticEntry 3 }

661     dsliteStatisticIpv4Session OBJECT-TYPE
662         SYNTAX Counter64
663         MAX-ACCESS read-only
664         STATUS current
665         DESCRIPTION
666             "This object indicates the number of the
667              current IPv4 Session."
668         ::= { dsliteStatisticEntry 4 }

670     dsliteStatisticIpv6Session OBJECT-TYPE
671         SYNTAX Counter64
672         MAX-ACCESS read-only
673         STATUS current
674         DESCRIPTION
675             "This object indicates the number of the
676              current IPv6 Session."
677         ::= { dsliteStatisticEntry 5 }

679     ---dslite trap

681     dsliteTunnelNumAlarm NOTIFICATION-TYPE
682         STATUS current
683         DESCRIPTION
684             "This trap is triggered when the number of dslite tunnels
685              reaches the threshold."
686         ::= { dsliteTraps 1 }

688     dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
689         OBJECTS { dsliteAFTRAlarmProtocolType,
690                   dsliteAFTRAlarmB4Addr }
691         STATUS current
692         DESCRIPTION
693             "This trap is triggered when the sessions of a
694              user reach the threshold."
695         ::= { dsliteTraps 2 }

697     dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
698         OBJECTS { dsliteAFTRAlarmMapAddrName,
699                   dsliteAFTRAlarmSpecificIP }
700         STATUS current
701         DESCRIPTION
702             "This trap is triggered when the used NAT
703              ports of a map address reach the threshold."
704         ::= { dsliteTraps 3 }

706     --Module Conformance statement

708     dsliteConformance OBJECT IDENTIFIER
709         ::= { dsliteMIB 2 }

711     dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

713     dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

715     -- compliance statements

717     dsliteCompliance MODULE-COMPLIANCE
718         STATUS current
719         DESCRIPTION
720             "Describes the minimal requirements for conformance
721              to the DS-Lite MIB."
722         MODULE -- this module
723         MANDATORY-GROUPS { dsliteNATBindGroup,
724                            dsliteTunnelGroup,
725                            dsliteStatisticGroup,
726                            dsliteTrapsGroup, dsliteAFTRAlarmScalarGroup }
727         ::= { dsliteCompliances 1 }

729     dsliteNATBindGroup OBJECT-GROUP
730         OBJECTS {
731             dsliteNATBindMappingIntRealm,
732             dsliteNATBindMappingIntAddressType,
733             dsliteNATBindMappingIntAddress,
734             dsliteNATBindMappingIntPort,
735             dsliteNATBindMappingPool,
736             dsliteNATBindMappingMapBehavior,
737             dsliteNATBindMappingFilterBehavior,
738             dsliteNATBindMappingAddressPooling }
739         STATUS current
740         DESCRIPTION
741             "This collection of objects is used to give the
742              information about NAT Bind."
743         ::= { dsliteGroups 1 }

745     dsliteTunnelGroup OBJECT-GROUP
746         OBJECTS { dsliteTunnelStartAddPreLen }
747         STATUS current
748         DESCRIPTION
749             "This collection of objects is used to give the
750              information of tunnel in ds-lite."
751         ::= { dsliteGroups 2 }

753     dsliteStatisticGroup OBJECT-GROUP
754         OBJECTS { dsliteStatisticDiscard,
755                   dsliteStatisticTransmitted,
756                   dsliteStatisticIpv4Session,
757                   dsliteStatisticIpv6Session }
758         STATUS current
759         DESCRIPTION
760             "This collection of objects is used to give the
761              statistical information of ds-lite."
762         ::= { dsliteGroups 3 }

764     dsliteTrapsGroup NOTIFICATION-GROUP
765         NOTIFICATIONS { dsliteTunnelNumAlarm,
766                         dsliteAFTRUserSessionNumAlarm,
767                         dsliteAFTRPortUsageOfSpecificIpAlarm }
768         STATUS current
769         DESCRIPTION
770             "This collection of objects is used to give the
771              trap information of ds-lite."
772         ::= { dsliteGroups 4 }

774     dsliteAFTRAlarmScalarGroup OBJECT-GROUP
775         OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
776                   dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
777                   dsliteAFTRAlarmConnectNumber }
778         STATUS current
779         DESCRIPTION
780             "This collection of objects is used to give the
781              information about AFTR alarming Scalar."
782         ::= { dsliteGroups 5 }

784     END

786  9. IANA Considerations

788     The MIB module in this document uses the following IANA-assigned
789     OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
790     the following IANA-assigned tunnelType values recorded in the
791     IANAtunnelType-MIB registry:

793        Descriptor      OBJECT IDENTIFIER value
794        ----------      -----------------------
795        DSLite-MIB      { transmission XXX }

797        IANAtunnelType ::= TEXTUAL-CONVENTION

799           SYNTAX INTEGER {

801              dsLite ("XX") -- dslite tunnel

803           }

805     Notes: Appendix A of the IP Tunnel MIB [RFC4087] has
806     already assigned the value direct(2) to indicate that the tunnel type
807     is IP in IP tunnel, but it is still difficult to distinguish DS-Lite
808     tunnel packets from normal IP in IP tunnel packets in the scenario of
809     the AFTR connecting to both a DS-lite tunnel and an IP in IP tunnel.

811  10. Security Considerations

813     There are a number of management objects defined in this MIB module
814     with a MAX-ACCESS clause of read-write and/or read-create. Such
815     objects may be considered sensitive or vulnerable in some network
816     environments. The support for SET operations in a non-secure
817     environment without proper protection can have a negative effect on
818     network operations. These are the tables and objects and their
819     sensitivity/vulnerability:

821     Notification thresholds: An attacker setting an arbitrarily low
822     threshold can cause many useless notifications to be generated.
823     Setting an arbitrarily high threshold can effectively disable
824     notifications, which could be used to hide another attack.

826        dsliteAFTRAlarmConnectNumber

828     Some of the readable objects in this MIB module (i.e., objects with a
829     MAX-ACCESS other than not-accessible) may be considered sensitive or
830     vulnerable in some network environments. It is thus important to
831     control even GET and/or NOTIFY access to these objects and possibly
832     to even encrypt the values of these objects when sending them over
833     the network via SNMP. These are the tables and objects and their
834     sensitivity/vulnerability:

836        dsliteTunnelStartAddPreLen
837        dsliteNATBindMappingIntRealm
838        dsliteNATBindMappingIntAddressType
839        dsliteNATBindMappingIntAddress
840        dsliteNATBindMappingIntPort
841        dsliteNATBindMappingPool
842        dsliteNATBindMappingMapBehavior
843        dsliteNATBindMappingFilterBehavior
844        dsliteNATBindMappingAddressPooling
845        dsliteStatisticDiscard
846        dsliteStatisticTransmitted
847        dsliteStatisticIpv4Session
848        dsliteStatisticIpv6Session

850     SNMP versions prior to SNMPv3 did not include adequate security.
851     Even if the network itself is secure (for example by using IPSec),
852     even then, there is no control as to who on the secure network is
853     allowed to access and GET/SET (read/change/create/delete) the objects
854     in this MIB module.

856     Implementations SHOULD provide the security features described by the
857     SNMPv3 framework (see [RFC3410]), and implementations claiming
858     compliance to the SNMPv3 standard MUST include full support for
859     authentication and privacy via the User-based Security Model (USM)
860     [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations
861     MAY also provide support for the Transport Security Model (TSM)
862     [RFC5591] in combination with a secure transport such as SSH [RFC5592]
863     or TLS/DTLS [RFC6353].

865     Further, deployment of SNMP versions prior to SNMPv3 is NOT
866     RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
867     enable cryptographic security. It is then a customer/operator
868     responsibility to ensure that the SNMP entity giving access to an
869     instance of this MIB module is properly configured to give access to
870     the objects only to those principals (users) that have legitimate
871     rights to indeed GET or SET (change/create/delete) them.

873  11. References

875  11.1. Normative References

877     [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
878               Requirement Levels", BCP 14, RFC 2119, March 1997.

880     [RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
881               "Structure of Management Information Version 2 (SMIv2)",
882               STD 58, RFC 2578, April 1999.

884     [RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
885               Conventions for SMIv2", STD 58, RFC 2579, April 1999.

887     [RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
888               "Conformance Statements for SMIv2", STD 58, RFC 2580, April
889               1999.

891     [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
892               MIB", RFC 2863, June 2000.

894     [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
895               Architecture for Describing Simple Network Management
896               Protocol (SNMP) Management Frameworks", RFC 3411, December
897               2002.

899     [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
900               Schoenwaelder, "Textual Conventions for Internet Network
901               Addresses", RFC 4001, February 2005.

903     [RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
904               Wang, C., "Definitions of Managed Objects for Network
905               Address Translators (NAT)", RFC 4008, March 2005.

907     [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

909     [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
910               "Dual-Stack Lite Broadband Deployments Following IPv4
911               Exhaustion", RFC 6333, August 2011.

913     [RFC6674] Brockners, F., Gundavelli, S., Speicher, S., Ward, D.,
914               "Gateway-Initiated Dual-Stack Lite Deployment", RFC 6674,
915               July 2012.

917  11.2. Informative References

919     [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
920               "Introduction and Applicability Statements for
921               Internet-Standard Management Framework", RFC 3410, December 2002.

923  Author's Addresses

925     Yu Fu
926     Huawei Technologies Co., Ltd
927     Huawei Building, 156 Beiqing Rd.,
928     Hai-Dian District, Beijing 100095
929     P.R. China
930     Email: eleven.fuyu@huawei.com

932     Sheng Jiang
933     Huawei Technologies Co., Ltd
934     Huawei Building, 156 Beiqing Rd.,
935     Hai-Dian District, Beijing 100095
936     P.R. China
937     Email: jiangsheng@huawei.com

939     Jiang Dong
940     Tsinghua University
941     Department of Computer Science, Tsinghua University
942     Beijing 100084
943     P.R. China
944     Email: knight.dongjiang@gmail.com

946     Yuchi Chen
947     Tsinghua University
948     Department of Computer Science, Tsinghua University
949     Beijing 100084
950     P.R. China
951     Email: flashfoxmx@gmail.com
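
The access classes that Section 10 (Security Considerations) enumerates can be derived from the module's MAX-ACCESS clauses. The Python audit below is an added example, not part of the draft: it parses an abridged excerpt constructed from four Section 8 definitions, groups the objects by SET/GET/NOTIFY exposure, and checks a proposed SET value against the declared SYNTAX range. The function names (parse_objects, exposure_report, set_is_acceptable) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four OBJECT-TYPE definitions abridged from Section 8
# of the draft (descriptions shortened; clauses and values unchanged).
MIB_EXCERPT = r'''
dsliteTunnelStartAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "The address of the start point of the tunnel."
    ::= { dsliteTunnelEntry 2 }

dsliteNATBindMappingIntAddress OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The mapping's internal address."
    ::= { dsliteNATBindEntry 8 }

dsliteAFTRAlarmB4Addr OBJECT-TYPE
    SYNTAX InetAddress
    MAX-ACCESS accessible-for-notify
    STATUS current
    DESCRIPTION "IP address of the B4 that sends the alarm."
    ::= { dsliteAFTRAlarmScalar 1 }

dsliteAFTRAlarmConnectNumber OBJECT-TYPE
    SYNTAX Integer32 (60..90)
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "Threshold of the DS-Lite connections alarm."
    ::= { dsliteAFTRAlarmScalar 5 }
'''

# Descriptor, one-line SYNTAX clause and MAX-ACCESS value of each OBJECT-TYPE.
OBJECT_RE = re.compile(
    r'^\s*(?P<name>[a-z][A-Za-z0-9-]*)\s+OBJECT-TYPE\s+'
    r'SYNTAX\s+(?P<syntax>[^\n]+?)\s+'
    r'MAX-ACCESS\s+(?P<access>[a-z-]+)',
    re.MULTILINE)

# Only a single contiguous value range such as "Integer32 (60..90)" is
# recognised; SIZE constraints and "a|b..c" alternatives yield no range.
RANGE_RE = re.compile(r'\w+\s*\((-?\d+)\.\.(-?\d+)\)')

# SMIv2 MAX-ACCESS value -> which SNMP operation exposes the object.
EXPOSURE = {
    'read-write': 'set',
    'read-create': 'set',
    'read-only': 'get',
    'accessible-for-notify': 'notify',
    'not-accessible': 'none',
}


def parse_objects(mib_text):
    """Return {descriptor: {'access', 'syntax', 'range'}} for each OBJECT-TYPE."""
    objects = {}
    for m in OBJECT_RE.finditer(mib_text):
        rng = RANGE_RE.fullmatch(m.group('syntax').strip())
        objects[m.group('name')] = {
            'access': m.group('access'),
            'syntax': m.group('syntax').strip(),
            'range': (int(rng.group(1)), int(rng.group(2))) if rng else None,
        }
    return objects


def exposure_report(objects):
    """Group descriptors by exposure class, in definition order."""
    report = defaultdict(list)
    for name, info in objects.items():
        report[EXPOSURE.get(info['access'], 'unknown')].append(name)
    return dict(report)


def set_is_acceptable(objects, name, value):
    """True only if the object is writable and value lies in its SYNTAX range."""
    info = objects.get(name)
    if info is None or EXPOSURE.get(info['access']) != 'set':
        return False
    if info['range'] is None:
        return True
    low, high = info['range']
    return low <= value <= high


if __name__ == '__main__':
    objs = parse_objects(MIB_EXCERPT)
    for cls, names in exposure_report(objs).items():
        print(cls, names)
    print('SET 75 accepted:', set_is_acceptable(objs, 'dsliteAFTRAlarmConnectNumber', 75))
    print('SET 1 accepted:', set_is_acceptable(objs, 'dsliteAFTRAlarmConnectNumber', 1))
```

The declared range (60..90) bounds how far a SET can move the threshold, but any change inside that range still requires the access control that Section 10 calls for.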