idnits 2.17.1

draft-ietf-softwire-dslite-mib-05.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == The document seems to lack the recommended RFC 2119 boilerplate, even if
     it appears to use RFC 2119 keywords -- however, there's a paragraph with
     a matching beginning. Boilerplate error?

     (The document does seem to have the reference to RFC 2119 which the
     ID-Checklist requires).

  -- The document date (April 29, 2014) is 3649 days in the past.  Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Obsolete normative reference: RFC 4008 (Obsoleted by RFC 7658)

  -- Obsolete informational reference (is this intentional?): RFC 2629
     (Obsoleted by RFC 7749)

     Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

Internet Engineering Task Force                                    Y. Fu
Internet-Draft                                                  S. Jiang
Intended status: Standards Track            Huawei Technologies Co., Ltd
Expires: October 31, 2014                                        J. Dong
                                                                 Y. Chen
                                                     Tsinghua University
                                                          April 29, 2014

               DS-Lite Management Information Base (MIB)
                   draft-ietf-softwire-dslite-mib-05

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet community.
   In particular, it defines managed objects for Dual-Stack Lite
   (DS-Lite).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on October 31, 2014.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  The Internet-Standard Management Framework
   4.  Relationship to the IF-MIB
   5.  Difference from the IP tunnel MIB and NAT MIB
   6.  Structure of the MIB Module
     6.1.  The Object Group
       6.1.1.  The dsliteTunnel Subtree
       6.1.2.  The dsliteNAT Subtree
       6.1.3.  The dsliteInfo Subtree
     6.2.  The Notification Group
       6.2.1.  The dsliteTrap Subtree
     6.3.  The Conformance Group
   7.  MIB modules required for IMPORTS
   8.  Definitions
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Dual-Stack Lite [RFC6333] is a solution to offer both IPv4 and IPv6
   connectivity to customers crossing an IPv6-only infrastructure.  One
   of its key components is an IPv4-over-IPv6 tunnel, which is used to
   provide IPv4 connectivity across a service provider's IPv6 network.
   Another key component is a carrier-grade IPv4-IPv4 Network Address
   Translation (NAT) to share service provider IPv4 addresses among
   customers.

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.
   This MIB module may be used for configuring and monitoring devices
   in a Dual-Stack Lite scenario.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119] when they appear in ALL CAPS.  When these words are not in
   ALL CAPS (such as "should" or "Should"), they have their usual
   English meanings, and are not to be interpreted as [RFC2119] key
   words.

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in
   [RFC2578], [RFC2579] and [RFC2580].

4.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces.  Each logical interface (physical or virtual)
   has an ifEntry.  Tunnels are handled by creating a logical interface
   (ifEntry) for each tunnel.  Each DS-Lite tunnel also acts as a
   virtual interface, which has a corresponding entry in the IP Tunnel
   MIB and Interface MIB.  Those corresponding entries are indexed by
   ifIndex.

   The ifOperStatus in ifTable is used to represent whether the DS-Lite
   tunnel function has been originated.  The ifInUcastPkts defined in
   ifTable will represent the number of IPv4 packets that have been
   encapsulated into IPv6 packets sent to a B4.
   The ifOutUcastPkts defined in ifTable contains the number of IPv6
   packets that can be decapsulated to IPv4 in the virtual interface.
   Also, the IF-MIB defines ifMtu for the MTU of this tunnel interface,
   so the DS-Lite MIB does not need to define the MTU for the tunnel.

5.  Difference from the IP tunnel MIB and NAT MIB

   The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnels
   and NAT (IPv4 to IPv4 translation).

   Notes: According to section 5.2 of [RFC6333], DS-Lite only defines
   IPv4 in IPv6 tunnels at this moment, but other types of encapsulation
   could be defined in the future.  So this DS-Lite MIB only supports IP
   in IP encapsulation.  If another RFC defines other tunnel types in
   the future, this DS-Lite MIB will be updated then.

   The NAT MIB [I-D.ietf-behave-nat-mib] is designed to carry
   translation from any address family to any address family, therefore
   it supports IPv4 to IPv4 translation.

   The IP Tunnel MIB [RFC4087] is designed for managing tunnels of any
   type over IPv4 and IPv6 networks, therefore it supports IP in IP
   tunnels.

   However, the NAT MIB and IP Tunnel MIB together are not sufficient to
   support DS-Lite.  This document describes the specific MIB
   requirements for DS-Lite, as below.

      In a DS-Lite scenario, the tunnel type is IP in IP, more
      precisely, IPv4 in IPv6.  Therefore, it is unnecessary to
      describe the tunnel type in the DS-Lite MIB.

      In a DS-Lite scenario, the translation type is IPv4 private
      address to IPv4 public address.  Therefore, it is unnecessary to
      describe the type of address in the corresponding
      tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
      which are defined in the IP Tunnel MIB for DS-Lite MIB.

      In a DS-Lite scenario, the AFTR is not only the tunnel end
      concentrator, but also a 4-4 translator.
      Within the Address Family Transition Router (AFTR), tunnel
      information and translation information MUST be mapped to each
      other.  But the tunnel entry defined in the IP Tunnel MIB and the
      NAT mapping entry defined in the NAT MIB are not able to reflect
      this mapping relationship.  Therefore, a combined MIB is
      necessary.

   The implementation of the IP Tunnel MIB is required for DS-Lite.  The
   tunnelIfEncapsMethod in the tunnelIfEntry should be set to
   dsLite("xx"), and a corresponding entry in the DS-Lite module will
   exist for every tunnelIfEntry with this tunnelIfEncapsMethod.  The
   tunnelIfRemoteInetAddress must be set to "::".

6.  Structure of the MIB Module

   The DS-Lite MIB provides a way to monitor and manage the devices
   (AFTRs) in a DS-Lite scenario through SNMP.

   The DS-Lite MIB is configurable on a per-interface basis.  It depends
   on several parts of the IF-MIB [RFC2863], IP Tunnel MIB [RFC4087],
   and NAT MIB [I-D.ietf-behave-nat-mib].

6.1.  The Object Group

   This Group defines objects that are needed for DS-Lite MIB.

6.1.1.  The dsliteTunnel Subtree

   The dsliteTunnel subtree describes managed objects used for managing
   tunnels in the DS-Lite scenario.  Because some objects defined in the
   IP Tunnel MIB are not-accessible, a few new objects are defined in
   the DS-Lite MIB.

6.1.2.  The dsliteNAT Subtree

   The dsliteNAT subtree describes managed objects used for
   configuration as well as monitoring of AFTR which is capable of a NAT
   function.  Because the NAT MIB supports the NAT management function
   in DS-Lite, we may reuse it in DS-Lite MIB.  The dsliteNAT subtree
   also provides the information of mapping relationship between the
   tunnel entry and NAT entry by extending the IPv6 address of B4 to the
   natMappingTableEntry in the NAT MIB.

6.1.3.  The dsliteInfo Subtree

   The dsliteInfo subtree provides statistical information for DS-Lite.

6.2.  The Notification Group

   This group defines some notification objects for DS-Lite.

6.2.1.  The dsliteTrap Subtree

   The dsliteTrap subtree provides trap information in a DS-Lite
   scenario.

6.3.  The Conformance Group

   The dsliteConformance subtree provides conformance information of MIB
   objects.

7.  MIB modules required for IMPORTS

   This MIB module IMPORTs objects from [RFC2578], [RFC2580], [RFC2863],
   [RFC3411], [RFC4001] and [RFC4008].

8.  Definitions

   DSLite-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, transmission,
       NOTIFICATION-TYPE, Gauge32, TimeTicks,
       Integer32, Counter64, Unsigned32
           FROM SNMPv2-SMI

       OBJECT-GROUP, MODULE-COMPLIANCE,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF

       DisplayString
           FROM SNMPv2-TC

       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       ifIndex
           FROM IF-MIB

       InetAddress, InetAddressType, InetAddressPrefixLength,
       InetPortNumber
           FROM INET-ADDRESS-MIB

       ProtocolNumber, NatBehaviorType,
       NatPoolingType, SubscriberIdentifier
           FROM NAT-MIB;

   dsliteMIB MODULE-IDENTITY
       LAST-UPDATED "201405040000Z"        -- May 04, 2014
       ORGANIZATION "IETF Softwire Working Group"
       CONTACT-INFO
           "Yu Fu
            Huawei Technologies Co., Ltd
            Huawei Building, 156 Beiqing Rd., Hai-Dian District
            Beijing, P.R. China 100095
            EMail: eleven.fuyu@huawei.com

            Sheng Jiang
            Huawei Technologies Co., Ltd
            Huawei Building, 156 Beiqing Rd., Hai-Dian District
            Beijing, P.R. China 100095
            EMail: jiangsheng@huawei.com

            Jiang Dong
            Tsinghua University
            Department of Computer Science, Tsinghua University
            Beijing 100084
            P.R. China
            Email: knight.dongjiang@gmail.com

            Yuchi Chen
            Tsinghua University
            Department of Computer Science, Tsinghua University
            Beijing 100084
            P.R. China
            Email: flashfoxmx@gmail.com "

       DESCRIPTION
           "The MIB module is defined for management of objects in the
            DS-Lite scenario.
            Copyright (C) The Internet Society (2014).  This version
            of this MIB module is part of RFC yyyy; see the RFC itself
            for full legal notices. "
       REVISION    "201405040000Z"
       DESCRIPTION
           "Initial version.  Published as RFC xxxx."
       --RFC Ed.: RFC-editor pls fill in xxxx
       ::= { transmission xxx }
       --RFC Ed.: assigned by IANA, see section 10 for details

   --Top level components of this MIB module

   dsliteMIBObjects OBJECT IDENTIFIER
       ::= { dsliteMIB 1 }

   dsliteTunnel OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 1 }

   dsliteNAT OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 2 }

   dsliteInfo OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 3 }

   --Notifications section

   dsliteNotifications OBJECT IDENTIFIER
       ::= { dsliteMIB 0 }

   dsliteTraps OBJECT IDENTIFIER
       ::= { dsliteNotifications 1 }

   --dsliteTunnel

   --dsliteTunnelTable

   dsliteTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The (conceptual) table containing information on configured
            tunnels.  This table can be used to map CPE address to the
            associated AFTR address.  It can also be used for row
            creation."
       ::= { dsliteTunnel 1 }

   dsliteTunnelEntry OBJECT-TYPE
       SYNTAX      DsliteTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Each entry in this table contains the information on a
            particular configured tunnel."
       INDEX { dsliteTunnelStartAddressType,
               dsliteTunnelStartAddress,
               dsliteTunnelEndAddress }
       ::= { dsliteTunnelTable 1 }

   DsliteTunnelEntry ::=
       SEQUENCE {
           dsliteTunnelStartAddressType    InetAddressType,
           dsliteTunnelStartAddress        InetAddress,
           dsliteTunnelStartAddPreLen      InetAddressPrefixLength,
           dsliteTunnelEndAddress          InetAddress
       }

   dsliteTunnelStartAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object MUST be set to the value of ipv6(2).
            It describes the address type of the IPv4-in-IPv6
            tunnel startpoint and endpoint."
       ::= { dsliteTunnelEntry 1 }

   dsliteTunnelStartAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The address of the start point of the tunnel."
       ::= { dsliteTunnelEntry 2 }

   dsliteTunnelEndAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The address of the endpoint of the tunnel."
       ::= { dsliteTunnelEntry 3 }

   dsliteTunnelStartAddPreLen OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "IPv6 prefix length of the IP address of the
            start point of the tunnel."
       ::= { dsliteTunnelEntry 4 }

   --dsliteNAT
   --dsliteNATMapTable(define address pool, natPoolTable and
   --natPoolRangeTable defined in draft-ietf-behave-nat-mib
   --are sufficient)
   --dsliteNATBindTable(NAPT)

   dsliteNATBindTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteNATBindEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table contains information about currently
            active NAT binds in AFTR.  This table extends the
            natMappingTable designed in NAT MIB
            (draft-ietf-behave-nat-mib) by IPv6 address of B4."
       ::= { dsliteNAT 1 }

   dsliteNATBindEntry OBJECT-TYPE
       SYNTAX      DsliteNATBindEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Each entry in this table holds the relationship between
            tunnel information and nat bind information.  These entries
            are lost upon agent restart."
       INDEX { dsliteNATBindMappingProto,
               dsliteNATBindMappingExtRealm,
               dsliteNATBindMappingExtAddressType,
               dsliteNATBindMappingExtAddress,
               dsliteNATBindMappingExtPort,
               dsliteTunnelStartAddress,
               dsliteTunnelStartAddPreLen }
       ::= { dsliteNATBindTable 1 }

   DsliteNATBindEntry ::=
       SEQUENCE {
           dsliteNATBindMappingProto           ProtocolNumber,
           dsliteNATBindMappingExtRealm        SnmpAdminString,
           dsliteNATBindMappingExtAddressType  InetAddressType,
           dsliteNATBindMappingExtAddress      InetAddress,
           dsliteNATBindMappingExtPort         InetPortNumber,
           dsliteNATBindMappingIntRealm        SnmpAdminString,
           dsliteNATBindMappingIntAddressType  InetAddressType,
           dsliteNATBindMappingIntAddress      InetAddress,
           dsliteNATBindMappingIntPort         InetPortNumber,
           dsliteNATBindMappingPool            Unsigned32,
           dsliteNATBindMappingMapBehavior     NatBehaviorType,
           dsliteNATBindMappingFilterBehavior  NatBehaviorType,
           dsliteNATBindMappingAddressPooling  NatPoolingType
       }

   dsliteNATBindMappingProto OBJECT-TYPE
       SYNTAX      ProtocolNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object specifies the mapping's transport protocol
            number."
       ::= { dsliteNATBindEntry 1 }

   dsliteNATBindMappingExtRealm OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(0..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The realm to which natMappingExtAddress belongs."
       ::= { dsliteNATBindEntry 2 }

   dsliteNATBindMappingExtAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Type of the mapping's external address."
       ::= { dsliteNATBindEntry 3 }

   dsliteNATBindMappingExtAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (4|16))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The mapping's external address.  If this is the undefined
            address, all external addresses are mapped to the internal
            address."
       ::= { dsliteNATBindEntry 4 }

   dsliteNATBindMappingExtPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The mapping's external port number.  If this is zero, all
            external ports are mapped to the internal port."
       ::= { dsliteNATBindEntry 5 }

   dsliteNATBindMappingIntRealm OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The realm to which natMappingIntAddress belongs."
       ::= { dsliteNATBindEntry 6 }

   dsliteNATBindMappingIntAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Type of the mapping's internal address."
       ::= { dsliteNATBindEntry 7 }

   dsliteNATBindMappingIntAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The mapping's internal address.  If this is the undefined
            address, addresses are not translated."
       ::= { dsliteNATBindEntry 8 }

   dsliteNATBindMappingIntPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The mapping's internal port number.  If this is zero, ports
            are not translated."
       ::= { dsliteNATBindEntry 9 }

   dsliteNATBindMappingPool OBJECT-TYPE
       SYNTAX      Unsigned32 (0|1..4294967295)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Index of the pool that contains this mapping's external
            address and port.  If zero, no pool is associated with this
            mapping."
       ::= { dsliteNATBindEntry 10 }

   dsliteNATBindMappingMapBehavior OBJECT-TYPE
       SYNTAX      NatBehaviorType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Mapping behavior as described in [RFC4787] section 4.1."
       ::= { dsliteNATBindEntry 11 }

   dsliteNATBindMappingFilterBehavior OBJECT-TYPE
       SYNTAX      NatBehaviorType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Filtering behavior as described in [RFC4787] section 5."
       ::= { dsliteNATBindEntry 12 }

   dsliteNATBindMappingAddressPooling OBJECT-TYPE
       SYNTAX      NatPoolingType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Type of address pooling behavior that was used to create
            this mapping."
       ::= { dsliteNATBindEntry 13 }

   --dsliteInfo

   dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 1 }

   dsliteAFTRAlarmB4Addr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "This object indicates the IP address of the
            B4 that sends the alarm."
       ::= { dsliteAFTRAlarmScalar 1 }

   dsliteAFTRAlarmProtocolType OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "This object indicates the protocol type of the alarm,
            0:tcp,1:udp,2:icmp,3:total "
       ::= { dsliteAFTRAlarmScalar 2 }

   dsliteAFTRAlarmMapAddrName OBJECT-TYPE
       SYNTAX      DisplayString
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "This object indicates the name of dsliteNATMapAddrName "
       ::= { dsliteAFTRAlarmScalar 3 }

   dsliteAFTRAlarmSpecificIP OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
           "This object indicates the IP address whose port usage
            reaches the threshold."
       ::= { dsliteAFTRAlarmScalar 4 }

   dsliteAFTRAlarmConnectNumber OBJECT-TYPE
       SYNTAX      Integer32 (60..90)
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This object indicates the
            threshold of the DS-Lite connections alarm."
       ::= { dsliteAFTRAlarmScalar 5 }

   dsliteStatisticTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteStatisticEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table provides statistical information
            of DS-Lite."
       ::= { dsliteInfo 2 }

   dsliteStatisticEntry OBJECT-TYPE
       SYNTAX      DsliteStatisticEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table provides statistical information
            of DS-Lite."
       INDEX { dsliteStatisticSubscriberIdentifier }
       ::= { dsliteStatisticTable 1 }

   DsliteStatisticEntry ::=
       SEQUENCE {
           dsliteStatisticSubscriberIdentifier  SubscriberIdentifier,
           dsliteStatisticDiscard               Counter64,
           dsliteStatisticTransmitted           Counter64,
           dsliteStatisticIpv4Session           Counter64,
           dsliteStatisticIpv6Session           Counter64
       }

   dsliteStatisticSubscriberIdentifier OBJECT-TYPE
       SYNTAX      SubscriberIdentifier (SIZE (3|4|16))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This object indicates the address used for uniquely
            identifying the subscriber.  It is the IPv6 address
            of B4 in DS-Lite."
       ::= { dsliteStatisticEntry 1 }

   dsliteStatisticDiscard OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the number of packets
            discarded from this subscriber."
       ::= { dsliteStatisticEntry 2 }

   dsliteStatisticTransmitted OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the number of packets received
            from or sent to this subscriber."
       ::= { dsliteStatisticEntry 3 }

   dsliteStatisticIpv4Session OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the number of the
            current IPv4 Session."
       ::= { dsliteStatisticEntry 4 }

   dsliteStatisticIpv6Session OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object indicates the number of the
            current IPv6 Session."
       ::= { dsliteStatisticEntry 5 }

   ---dslite trap

   dsliteTunnelNumAlarm NOTIFICATION-TYPE
       STATUS      current
       DESCRIPTION
           "This trap is triggered when DS-Lite tunnels
            reach the threshold."
       ::= { dsliteTraps 1 }

   dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
       OBJECTS { dsliteAFTRAlarmProtocolType,
                 dsliteAFTRAlarmB4Addr }
       STATUS      current
       DESCRIPTION
           "This trap is triggered when the sessions of
            a user reach the threshold."
       ::= { dsliteTraps 2 }

   dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
       OBJECTS { dsliteAFTRAlarmMapAddrName,
                 dsliteAFTRAlarmSpecificIP }
       STATUS      current
       DESCRIPTION
           "This trap is triggered when the used NAT
            ports of a map address reach the threshold."
       ::= { dsliteTraps 3 }

   --Module Conformance statement

   dsliteConformance OBJECT IDENTIFIER
       ::= { dsliteMIB 2 }

   dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

   dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

   -- compliance statements

   dsliteCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Describes the minimal requirements for conformance
            to the DS-Lite MIB."
       MODULE -- this module
           MANDATORY-GROUPS { dsliteNATBindGroup,
                              dsliteTunnelGroup,
                              dsliteStatisticGroup,
                              dsliteTrapsGroup,
                              dsliteAFTRAlarmScalarGroup }
       ::= { dsliteCompliances 1 }

   dsliteNATBindGroup OBJECT-GROUP
       OBJECTS {
           dsliteNATBindMappingIntRealm,
           dsliteNATBindMappingIntAddressType,
           dsliteNATBindMappingIntAddress,
           dsliteNATBindMappingIntPort,
           dsliteNATBindMappingPool,
           dsliteNATBindMappingMapBehavior,
           dsliteNATBindMappingFilterBehavior,
           dsliteNATBindMappingAddressPooling }
       STATUS      current
       DESCRIPTION
           "This collection of objects is used to give the
            information about NAT Bind."
       ::= { dsliteGroups 1 }

   dsliteTunnelGroup OBJECT-GROUP
       OBJECTS { dsliteTunnelStartAddPreLen }
       STATUS      current
       DESCRIPTION
           "This collection of objects is used to give the
            information of tunnel in ds-lite."
       ::= { dsliteGroups 2 }

   dsliteStatisticGroup OBJECT-GROUP
       OBJECTS { dsliteStatisticDiscard,
                 dsliteStatisticTransmitted,
                 dsliteStatisticIpv4Session,
                 dsliteStatisticIpv6Session }
       STATUS      current
       DESCRIPTION
           "This collection of objects is used to give the
            statistical information of ds-lite."
       ::= { dsliteGroups 3 }

   dsliteTrapsGroup NOTIFICATION-GROUP
       NOTIFICATIONS { dsliteTunnelNumAlarm,
                       dsliteAFTRUserSessionNumAlarm,
                       dsliteAFTRPortUsageOfSpecificIpAlarm }
       STATUS      current
       DESCRIPTION
           "This collection of objects is used to give the
            trap information of ds-lite."
       ::= { dsliteGroups 4 }

   dsliteAFTRAlarmScalarGroup OBJECT-GROUP
       OBJECTS { dsliteAFTRAlarmB4Addr, dsliteAFTRAlarmProtocolType,
                 dsliteAFTRAlarmMapAddrName, dsliteAFTRAlarmSpecificIP,
                 dsliteAFTRAlarmConnectNumber }
       STATUS      current
       DESCRIPTION
           "This collection of objects is used to give the
            information about AFTR alarming Scalar."
       ::= { dsliteGroups 5 }

   END

9.  Security Considerations

   There are a number of management objects defined in this MIB module
   with a MAX-ACCESS clause of read-write and/or read-create.  Such
   objects may be considered sensitive or vulnerable in some network
   environments.  The support for SET operations in a non-secure
   environment without proper protection can have a negative effect on
   network operations.  These are the tables and objects and their
   sensitivity/vulnerability:

   Notification thresholds:  An attacker setting an arbitrarily low
      threshold can cause many useless notifications to be generated.
      Setting an arbitrarily high threshold can effectively disable
      notifications, which could be used to hide another attack.

         dsliteAFTRAlarmConnectNumber

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

      dsliteTunnelStartAddPreLen
      dsliteNATBindMappingIntRealm
      dsliteNATBindMappingIntAddressType
      dsliteNATBindMappingIntAddress
      dsliteNATBindMappingIntPort
      dsliteNATBindMappingPool
      dsliteNATBindMappingMapBehavior
      dsliteNATBindMappingFilterBehavior
      dsliteNATBindMappingAddressPooling
      dsliteStatisticDiscard
      dsliteStatisticTransmitted
      dsliteStatisticIpv4Session
      dsliteStatisticIpv6Session

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPSec),
   even then, there is no control as to who on the secure network is
   allowed to access and GET/SET (read/change/create/delete) the objects
   in this MIB module.
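
   The following is an added example, not part of the draft: a small
   audit that applies the two object lists above to SNMP access records.
   The record layout, the principal names and the finding strings are
   assumptions made for the illustration; the sample records are
   constructed.

```python
"""Audit SNMP access records against the DS-Lite MIB sensitivity lists.

Added illustration, not part of the draft. The record layout, principal
names and finding strings are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# The one object the draft lists with MAX-ACCESS read-write.
WRITABLE = {"dsliteAFTRAlarmConnectNumber"}
THRESHOLD_RANGE = range(60, 91)  # SYNTAX Integer32 (60..90)

# Readable objects the draft lists as sensitive.
SENSITIVE_READABLE = {
    "dsliteTunnelStartAddPreLen",
    "dsliteNATBindMappingIntRealm",
    "dsliteNATBindMappingIntAddressType",
    "dsliteNATBindMappingIntAddress",
    "dsliteNATBindMappingIntPort",
    "dsliteNATBindMappingPool",
    "dsliteNATBindMappingMapBehavior",
    "dsliteNATBindMappingFilterBehavior",
    "dsliteNATBindMappingAddressPooling",
    "dsliteStatisticDiscard",
    "dsliteStatisticTransmitted",
    "dsliteStatisticIpv4Session",
    "dsliteStatisticIpv6Session",
}


@dataclass(frozen=True)
class Access:
    version: str      # "v1", "v2c" or "v3"
    sec_level: str    # "noAuthNoPriv", "authNoPriv" or "authPriv"
    principal: str    # community label or USM user name
    op: str           # "GET" or "SET"
    obj: str          # object descriptor from the DS-Lite MIB
    value: Optional[int] = None  # only meaningful for SET


def audit(records: Iterable[Access],
          set_allowed: Set[str]) -> List[Tuple[int, str]]:
    """Return (record index, finding) pairs for accesses needing review."""
    findings: List[Tuple[int, str]] = []
    for i, r in enumerate(records):
        if r.obj not in WRITABLE and r.obj not in SENSITIVE_READABLE:
            continue  # not covered by the draft's two lists
        if r.version != "v3":
            # Pre-SNMPv3 access offers no per-principal control at all.
            findings.append((i, "pre-SNMPv3 access"))
            continue
        if r.op == "GET":
            if r.obj in SENSITIVE_READABLE and r.sec_level != "authPriv":
                findings.append((i, "sensitive read without privacy"))
        elif r.op == "SET":
            if r.obj not in WRITABLE:
                findings.append((i, "SET on read-only object"))
                continue
            if r.sec_level == "noAuthNoPriv":
                findings.append((i, "unauthenticated SET"))
            if r.principal not in set_allowed:
                findings.append((i, "SET by unauthorised principal"))
            if r.value is None or r.value not in THRESHOLD_RANGE:
                findings.append((i, "threshold outside 60..90"))
    return findings


# Constructed sample records (not captured traffic).
SAMPLE = [
    Access("v3", "authPriv", "noc-admin", "SET",
           "dsliteAFTRAlarmConnectNumber", 80),
    Access("v2c", "noAuthNoPriv", "public", "GET",
           "dsliteNATBindMappingIntAddress"),
    Access("v3", "authNoPriv", "monitor", "GET",
           "dsliteStatisticIpv4Session"),
    Access("v3", "authPriv", "monitor", "SET",
           "dsliteAFTRAlarmConnectNumber", 90),
    Access("v3", "authPriv", "noc-admin", "SET",
           "dsliteAFTRAlarmConnectNumber", 5),
    Access("v3", "authPriv", "monitor", "GET",
           "dsliteNATBindMappingIntPort"),
]

if __name__ == "__main__":
    for index, finding in audit(SAMPLE, set_allowed={"noc-admin"}):
        print(index, SAMPLE[index].principal, SAMPLE[index].obj, finding)
```
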

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

10.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER values recorded in the SMI Numbers registry, and
   the following IANA-assigned tunnelType values recorded in the
   IANAtunnelType-MIB registry:

      Descriptor        OBJECT IDENTIFIER value
      ----------        -----------------------
      DSLite-MIB        { transmission XXX }

      IANAtunnelType ::= TEXTUAL-CONVENTION
          SYNTAX     INTEGER {
                     dsLite ("XX")        -- dslite tunnel
                     }

   Notes: Appendix A of the IP Tunnel MIB [RFC4087] has already assigned
   the value direct(2) to indicate that the tunnel type is an IP in IP
   tunnel, but it is still difficult to distinguish DS-Lite tunnel
   packets from normal IP in IP tunnel packets in the scenario of the
   AFTR connecting to both a DS-Lite tunnel and an IP in IP tunnel.

11.  Acknowledgements

   The authors would like to thank Suresh Krishnan, Ian Farrer, Yiu Lee,
   Qi Sun, Yong Cui, Dave Thaler, Tassos Chatzithomaoglou and other
   members of the SOFTWIRE WG for their valuable comments.

   This document was produced using the xml2rfc tool [RFC2629].

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2", STD
              58, RFC 2579, April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, June 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826, June 2004.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

   [RFC4008]  Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
              C. Wang, "Definitions of Managed Objects for Network
              Address Translators (NAT)", RFC 4008, March 2005.
   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.

   [RFC4787]  Audet, F. and C. Jennings, "Network Address Translation
              (NAT) Behavioral Requirements for Unicast UDP", BCP 127,
              RFC 4787, January 2007.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)", RFC
              5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, June 2009.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee,
              "Dual-Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, August 2011.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              RFC 6353, July 2011.

12.2.  Informative References

   [I-D.ietf-behave-nat-mib]
              Perreault, S., Tsou, T., and S. Sivakumar, "Definitions of
              Managed Objects for Network Address Translators (NAT)",
              draft-ietf-behave-nat-mib-11 (work in progress), January
              2014.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              June 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for
              Internet-Standard Management Framework", RFC 3410,
              December 2002.

Authors' Addresses

   Yu Fu
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: eleven.fuyu@huawei.com

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: jiangsheng@huawei.com

   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R. China

   Email: knight.dongjiang@gmail.com

   Yuchi Chen
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R. China

   Email: flashfoxmx@gmail.com
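
   Added example (not part of the draft or the authors' code): a Python
   check of an agent configuration against the SNMP security guidance
   given before the IANA Considerations, namely no pre-SNMPv3 access,
   USM users with AES privacy, and GET/SET access limited to the right
   principals.  Net-SNMP snmpd.conf syntax, the constructed sample, the
   user names, and the policy of requiring the "priv" level and a view
   for SET access are assumptions of this example.

```python
import shlex

# Constructed sample in Net-SNMP snmpd.conf syntax; users and passphrases are placeholders.
SAMPLE_CONF = '''\
rocommunity public 192.0.2.0/24
rwcommunity private
createUser monitor SHA "auth-placeholder" DES "priv-placeholder"
createUser dsliteops SHA "auth-placeholder" AES "priv-placeholder"
createUser legacy MD5 "auth-placeholder"
rouser monitor auth
rwuser dsliteops priv
rouser legacy noauth
'''

PRE_V3 = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6", "com2sec", "com2sec6"}

def audit_snmpd_conf(text):
    """Return (line_no, finding) pairs for settings that conflict with the guidance."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)
        if not tok:
            continue
        directive, args = tok[0], tok[1:]
        if directive in PRE_V3:
            findings.append((no, "pre-SNMPv3 community access"))
        elif directive == "createUser":
            if args[:1] == ["-e"]:          # optional "-e ENGINEID" prefix
                args = args[2:]
            # remaining: user auth_proto auth_pass [priv_proto [priv_pass]]
            user = args[0] if args else "?"
            priv = args[3].upper() if len(args) > 3 else None
            if priv is None:
                findings.append((no, f"{user}: no privacy protocol"))
            elif not priv.startswith("AES"):
                findings.append((no, f"{user}: privacy is {priv}, not AES"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:          # optional "-s SECMODEL" prefix
                args = args[2:]
            user = args[0] if args else "?"
            level = args[1] if len(args) > 1 else "auth"   # Net-SNMP default level
            if level != "priv":
                findings.append((no, f"{user}: allowed at '{level}', not authPriv"))
            if directive == "rwuser" and len(args) < 3:
                findings.append((no, f"{user}: SET access not limited to a view"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {finding}")
```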