idnits 2.17.1 draft-ietf-softwire-dslite-mib-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 16, 2015) is 3054 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Y. Fu 3 Internet-Draft CNNIC 4 Intended status: Standards Track S. Jiang 5 Expires: June 18, 2016 Huawei Technologies Co., Ltd 6 J. Dong 7 Y. Chen 8 Tsinghua University 9 December 16, 2015 11 DS-Lite Management Information Base (MIB) for AFTRs 12 draft-ietf-softwire-dslite-mib-13 14 Abstract 16 This memo defines a portion of the Management Information Base (MIB) 17 for using with network management protocols in the Internet 18 community. In particular, it defines managed objects for Address 19 Family Transition Routers (AFTRs) of Dual-Stack Lite (DS-Lite). 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at http://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on June 18, 2016. 38 Copyright Notice 40 Copyright (c) 2015 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (http://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 57 3. The Internet-Standard Management Framework . . . . . . . . . 3 58 4. Relationship to the IF-MIB . . . . . . . . . . . . . . . . . 3 59 5. Difference from the IP tunnel MIB and NATV2-MIB . . . . . . . 3 60 6. Structure of the MIB Module . . . . . . . . . . . . . . . . . 4 61 6.1. The Object Group . . . . . . . . . . . . . . . . . . . . 5 62 6.1.1. The dsliteTunnel Subtree . . . . . . . . . . . . . . 5 63 6.1.2. The dsliteNAT Subtree . . . . . . . . . . . . . . . . 5 64 6.1.3. The dsliteInfo Subtree . . . . . . . . . . . . . . . 5 65 6.2. The Notification Group . . . . . . . . . . . . . . . . . 5 66 6.2.1. The dsliteTrap Subtree . . . . . . . . . . . . . . . 5 67 6.3. The Conformance Group . . . . . . . . . . . . . . . . . . 5 68 7. MIB modules required for IMPORTS . . . . . . . . . . . . . . 6 69 8. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 70 9. Security Considerations . . . . . . . . . . . . . . . . . . . 22 71 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23 72 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 24 73 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 24 74 12.1. Normative References . . . . . . . . . . . . . . . . . . 24 75 12.2. Informative References . . . . . . . . . . . . . . . . . 25 76 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 78 1. Introduction 80 Dual-Stack Lite [RFC6333] is a solution to offer both IPv4 and IPv6 81 connectivity to customers crossing an IPv6 only infrastructure. One 82 of its key components is an IPv4-over-IPv6 tunnel, which is used to 83 provide IPv4 connectivity across a service provider's IPv6 network. 84 Another key component is a carrier-grade IPv4-IPv4 Network Address 85 Translation (NAT) to share service provider IPv4 addresses among 86 customers. 88 This document defines a portion of the Management Information Base 89 (MIB) for using with network management protocols in the Internet 90 community. This MIB module may be used for configuration and 91 monitoring Address Family Transition Routers (AFTRs) in a Dual-Stack 92 Lite scenario. 94 2. Requirements Language 96 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 97 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 98 "OPTIONAL" in this document are to be interpreted as described in 99 [RFC2119] when they appear in ALL CAPS. When these words are not in 100 ALL CAPS (such as "should" or "Should"), they have their usual 101 English meanings, and are not to be interpreted as [RFC2119] key 102 words. 104 3. The Internet-Standard Management Framework 106 For a detailed overview of the documents that describe the current 107 Internet-Standard Management Framework, please refer to section 7 of 108 [RFC3410]. 110 Managed objects are accessed via a virtual information store, termed 111 the Management Information Base or MIB. MIB objects are generally 112 accessed through the Simple Network Management Protocol (SNMP). 113 Objects in the MIB are defined using the mechanisms defined in the 114 Structure of Management Information (SMI). This memo specifies a MIB 115 module that is compliant to the SMIv2, which is described in 116 [RFC2578], [RFC2579] and [RFC2580]. 118 4. Relationship to the IF-MIB 120 The Interfaces MIB [RFC2863] defines generic managed objects for 121 managing interfaces. Each logical interface (physical or virtual) 122 has an ifEntry. Tunnels are handled by creating a logical interface 123 (ifEntry) for each tunnel. Each DS-Lite tunnel endpoint also acts as 124 a virtual interface, which has a corresponding entry in the IP Tunnel 125 MIB and Interface MIB. Those corresponding entries are indexed by 126 ifIndex. 128 The ifOperStatus in ifTable is used to represent whether the DS-Lite 129 tunnel function has been triggered. The ifInUcastPkts defined in 130 ifTable will represent the number of IPv4 packets that have been 131 encapsulated into IPv6 packets sent to a B4. The ifOutUcastPkts 132 defined in ifTable contains the number of IPv6 packets that can be 133 decapsulated to IPv4 in the virtual interface. Also, the IF-MIB 134 defines ifMtu for the MTU of this tunnel interface, so DS-Lite MIB 135 does not need to define the MTU for the tunnel. 137 5. Difference from the IP tunnel MIB and NATV2-MIB 139 The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnels 140 and NAT (IPv4 to IPv4 translation). 142 Notes: According to section 5.2 of [RFC6333], DS-Lite only defines 143 IPv4 in IPv6 tunnels at this moment, but other types of encapsulation 144 could be defined in the future. So this DS-Lite MIB only supports IP 145 in IP encapsulation. If another RFC defines other tunnel types in 146 the future, this DS-Lite MIB will be updated then. 148 The NATV2-MIB [RFC7659] is designed to carry translation from any 149 address family to any address family, therefore it supports IPv4 to 150 IPv4 translation. 152 The IP Tunnel MIB [RFC4087] is designed for managing tunnels of any 153 type over IPv4 and IPv6 networks, therefore it has already supports 154 IP in IP tunnels. But in a DS-Lite scenario, the tunnel type is 155 point-to-multipoint IP in IP tunnels. The direct(2) defined in IP 156 Tunnel MIB only supports point-to-point tunnel. So it needs to 157 define a new tunnel type for DS-Lite. 159 However, the NATV2-MIB and IP Tunnel MIB together are not sufficient 160 to support DS-Lite. This document describes the specific features 161 for DS-Lite MIB, as below. 163 In the DS-Lite scenario, the Address Family Transition Router (AFTR) 164 is not only the tunnel end concentrator, but also an IPv4-to-IPv4 165 NAT. So as defined in [RFC6333], when the IPv4 packets come back 166 from the Internet to the AFTR, it knows how to reconstruct the IPv6 167 encapsulation by doing a reverse lookup in the extended IPv4 NAT 168 binding table (section 6.6 of [RFC6333]). The NAT binding table in 169 the AFTR is extended to include the IPv6 address of the tunnel 170 initiator. However, the NAT binding information defined in NATV2-MIB 171 as natv2PortMapTable is indexed by the NAT instance, protocol, and 172 external realm and address. Because the tunnelIfTable defined in the 173 TUNNEL-MIB [RFC4087] is indexed by the ifIndex, the DS-Lite-MIB needs 174 to define the tunnel objects to extend the NAT binding entry by 175 interface. Therefore, a combined MIB is necessary. 177 An implementation of the IP Tunnel MIB is required for DS-Lite. As 178 the tunnel is not point-to-point in DS-Lite, it needs to define a new 179 tunnel type for DS-Lite. And the tunnelIfEncapsMethod in the 180 tunnelIfEntry should be set to dsLite ("xx"), and a corresponding 181 entry in the DS-Lite module will exist for every tunnelIfEntry with 182 this tunnelIfEncapsMethod. The tunnelIfRemoteInetAddress must be set 183 to "::". 185 6. Structure of the MIB Module 187 The DS-Lite MIB provides a way to monitor and manage the devices 188 (AFTRs) in a DS-Lite scenario through SNMP. 190 The DS-Lite MIB is configurable on a per-interface basis. It depends 191 on several parts of the IF-MIB [RFC2863], IP Tunnel MIB [RFC4087], 192 and NATV2-MIB [RFC7659]. 194 6.1. The Object Group 196 This Group defines objects that are needed for DS-Lite MIB. 198 6.1.1. The dsliteTunnel Subtree 200 The dsliteTunnel subtree describes managed objects used for managing 201 tunnels in the DS-Lite scenario. Because the 202 tunnelInetConfigLocalAddress and tunnelInetConfigRemoteAddress 203 defined in the IP Tunnel MIB are not readable, a few new objects are 204 defined in DS-Lite MIB. 206 6.1.2. The dsliteNAT Subtree 208 The dsliteNAT subtree describes managed objects used for 209 configuration as well as monitoring of an AFTR which is capable of a 210 NAT function. Because the NATV2-MIB supports the NAT management 211 function in DS-Lite, we may reuse it in DS-Lite MIB. The dsliteNAT 212 subtree also provides the mapping information between the tunnel 213 entry (dsliteTunnelEntry) and the NAT entry (dsliteNATBindEntry) by 214 adding the IPv6 address of the B4 to the natv2PortMapEntry in the 215 NATV2-MIB. 217 6.1.3. The dsliteInfo Subtree 219 The dsliteInfo subtree provides statistical information for DS-Lite. 221 6.2. The Notification Group 223 This group defines some notification objects for DS-Lite. 225 6.2.1. The dsliteTrap Subtree 227 The dsliteTrap subtree provides trap information in a DS-Lite 228 scenario. 230 6.3. The Conformance Group 232 The dsliteConformance subtree provides conformance information of MIB 233 objects. 235 7. MIB modules required for IMPORTS 237 This MIB module IMPORTs objects from [RFC2578], [RFC2580], [RFC2863], 238 [RFC3411], [RFC4001] and [RFC7659]. 240 8. Definitions 242 DSLite-MIB DEFINITIONS ::= BEGIN 244 IMPORTS 245 MODULE-IDENTITY, OBJECT-TYPE, mib-2, 246 NOTIFICATION-TYPE, Gauge32, TimeTicks, 247 Integer32, Counter64, Unsigned32 248 FROM SNMPv2-SMI 250 OBJECT-GROUP, MODULE-COMPLIANCE, 251 NOTIFICATION-GROUP 252 FROM SNMPv2-CONF 254 DisplayString 255 FROM SNMPv2-TC 257 SnmpAdminString 258 FROM SNMP-FRAMEWORK-MIB 260 ifIndex 261 FROM IF-MIB 263 InetAddress, InetAddressType, InetAddressPrefixLength, 264 InetPortNumber 265 FROM INET-ADDRESS-MIB 267 ProtocolNumber, Natv2InstanceIndex, Natv2SubscriberIndex 268 FROM NATV2-MIB; 270 dsliteMIB MODULE-IDENTITY 271 LAST-UPDATED "201512160000Z" -- December 16, 2015 272 ORGANIZATION "IETF Softwire Working Group" 273 CONTACT-INFO 274 "Yu Fu 275 CNNIC 276 No.4 South 4th Street, Zhongguancun, Hai-Dian District 277 Beijing, P.R. China 100095 278 EMail: fuyu@cnnic.cn 280 Sheng Jiang 281 Huawei Technologies Co., Ltd 282 Huawei Building, 156 Beiqing Rd., Hai-Dian District 283 Beijing, P.R. China 100095 284 EMail: jiangsheng@huawei.com 286 Jiang Dong 287 Tsinghua University 288 Department of Computer Science, Tsinghua University 289 Beijing 100084 290 P.R. China 291 Email: knight.dongjiang@gmail.com 293 Yuchi Chen 294 Tsinghua University 295 Department of Computer Science, Tsinghua University 296 Beijing 100084 297 P.R. China 298 Email: flashfoxmx@gmail.com " 300 DESCRIPTION 301 "The MIB module is defined for management of objects in the 302 DS-Lite scenario. 303 Copyright (C) The Internet Society (2015). This version 304 of this MIB module is part of RFC yyyy; see the RFC itself 305 for full legal notices. " 306 REVISION "201512160000Z" 307 DESCRIPTION 308 "Initial version. Published as RFC xxxx." 309 --RFC Ed.: RFC-edtitor pls fill in xxxx 310 ::= { mib-2 xxx } 311 --RFC Ed.: assigned by IANA, see section 10 for details 313 --Top level components of this MIB module 315 dsliteMIBObjects OBJECT IDENTIFIER 316 ::= { dsliteMIB 1 } 317 dsliteTunnel OBJECT IDENTIFIER 318 ::= { dsliteMIBObjects 1 } 320 dsliteNAT OBJECT IDENTIFIER 321 ::= { dsliteMIBObjects 2 } 323 dsliteInfo OBJECT IDENTIFIER 324 ::= { dsliteMIBObjects 3 } 326 --Notifications section 328 dsliteNotifications OBJECT IDENTIFIER 329 ::= { dsliteMIB 0 } 331 dsliteTraps OBJECT IDENTIFIER 332 ::= { dsliteNotifications 1 } 334 --dsliteTunnel 336 --dsliteTunnelTable 338 dsliteTunnelTable OBJECT-TYPE 339 SYNTAX SEQUENCE OF DsliteTunnelEntry 340 MAX-ACCESS not-accessible 341 STATUS current 342 DESCRIPTION 343 "The (conceptual) table containing information on 344 configured tunnels. This table can be used to map 345 a B4 address to the associated AFTR address. It can 346 also be used for row creation." 347 REFERENCE 348 "B4, AFTR: RFC 6333." 349 ::= { dsliteTunnel 1 } 351 dsliteTunnelEntry OBJECT-TYPE 352 SYNTAX DsliteTunnelEntry 353 MAX-ACCESS not-accessible 354 STATUS current 355 DESCRIPTION 356 "Each entry in this table contains the information on a 357 particular configured tunnel." 358 INDEX { dsliteTunnelAddressType, 359 dsliteTunnelStartAddress, 360 dsliteTunnelEndAddress, 361 ifIndex } 362 ::= { dsliteTunnelTable 1 } 364 DsliteTunnelEntry ::= 365 SEQUENCE { 366 dsliteTunnelAddressType InetAddressType, 367 dsliteTunnelStartAddress InetAddress, 368 dsliteTunnelEndAddress InetAddress, 369 dsliteTunnelStartAddPreLen InetAddressPrefixLength 370 } 372 dsliteTunnelAddressType OBJECT-TYPE 373 SYNTAX InetAddressType 374 MAX-ACCESS not-accessible 375 STATUS current 376 DESCRIPTION 377 "This object MUST be set to the value of ipv6(2). 378 It describes the address type of the IPv4-in-IPv6 379 tunnel initiator and endpoint." 380 ::= { dsliteTunnelEntry 1 } 382 dsliteTunnelStartAddress OBJECT-TYPE 383 SYNTAX InetAddress 384 MAX-ACCESS not-accessible 385 STATUS current 386 DESCRIPTION 387 "The IPv6 address of the initiator of the tunnel 388 The address type is given by dsliteTunnelAddressType." 389 ::= { dsliteTunnelEntry 2 } 391 dsliteTunnelEndAddress OBJECT-TYPE 392 SYNTAX InetAddress 393 MAX-ACCESS not-accessible 394 STATUS current 395 DESCRIPTION 396 "The IPv6 address of the endpoint of the tunnel 397 The address type is given by dsliteTunnelAddressType." 398 ::= { dsliteTunnelEntry 3 } 400 dsliteTunnelStartAddPreLen OBJECT-TYPE 401 SYNTAX InetAddressPrefixLength 402 MAX-ACCESS read-only 403 STATUS current 404 DESCRIPTION 405 "The IPv6 prefix length of the IP address for the 406 initiator of the tunnel(dsliteTunnelStartAddress)." 407 ::= { dsliteTunnelEntry 4 } 409 --dsliteNATBindTable(according to the NAPT scheme) 411 dsliteNATBindTable OBJECT-TYPE 412 SYNTAX SEQUENCE OF DsliteNATBindEntry 413 MAX-ACCESS not-accessible 414 STATUS current 415 DESCRIPTION 416 "This table contains information about currently 417 active NAT binds in the NAT of the AFTR. This table 418 adds the IPv6 address of a B4 to the natv2PortMapTable 419 defined in NATV2-MIB (RFC7659)." 420 REFERENCE 421 "NATV2-MIB: section 4 of RFC7659." 422 ::= { dsliteNAT 1 } 424 dsliteNATBindEntry OBJECT-TYPE 425 SYNTAX DsliteNATBindEntry 426 MAX-ACCESS not-accessible 427 STATUS current 428 DESCRIPTION 429 "The entry in this table holds the mapping relationship 430 between tunnel information and NAT bind information. 431 Each entry in this table not only need to match a 432 corresponding entry in the natv2PortMapTable but 433 also a corresponding entry in the dsliteTunnelTable. 434 So the INDEX of the entry needs to match a corresponding 435 value in the natv2PortMapTable INDEX and a correspongding 436 value in the dsliteTunnelTable INDEX. These entries are 437 lost upon agent restart." 438 REFERENCE 439 "natv2PortMapTable: section 4 of RFC7659." 440 INDEX { dsliteNATBindMappingInstanceIndex, 441 dsliteNATBindMappingProto, 442 dsliteNATBindMappingExtRealm, 443 dsliteNATBindMappingExtAddressType, 444 dsliteNATBindMappingExtAddress, 445 dsliteNATBindMappingExtPort, 446 ifIndex, 447 dsliteTunnelStartAddress } 448 ::= { dsliteNATBindTable 1 } 450 DsliteNATBindEntry ::= 451 SEQUENCE { 452 dsliteNATBindMappingInstanceIndex Natv2InstanceIndex, 453 dsliteNATBindMappingProto ProtocolNumber, 454 dsliteNATBindMappingExtRealm SnmpAdminString, 455 dsliteNATBindMappingExtAddressType InetAddressType, 456 dsliteNATBindMappingExtAddress InetAddress, 457 dsliteNATBindMappingExtPort InetPortNumber, 458 dsliteNATBindMappingIntRealm SnmpAdminString, 459 dsliteNATBindMappingIntAddressType InetAddressType, 460 dsliteNATBindMappingIntAddress InetAddress, 461 dsliteNATBindMappingIntPort InetPortNumber, 462 dsliteNATBindMappingPool Unsigned32, 463 dsliteNATBindMappingMapBehavior INTEGER, 464 dsliteNATBindMappingFilterBehavior INTEGER, 465 dsliteNATBindMappingAddressPooling INTEGER 466 } 468 dsliteNATBindMappingInstanceIndex OBJECT-TYPE 469 SYNTAX Natv2InstanceIndex 470 MAX-ACCESS not-accessible 471 STATUS current 472 DESCRIPTION 473 "Index of the NAT instance that created this port 474 map entry." 475 ::= { dsliteNATBindEntry 1 } 477 dsliteNATBindMappingProto OBJECT-TYPE 478 SYNTAX ProtocolNumber 479 MAX-ACCESS not-accessible 480 STATUS current 481 DESCRIPTION 482 "This object specifies the mapping's transport protocol 483 number." 484 ::= { dsliteNATBindEntry 2 } 486 dsliteNATBindMappingExtRealm OBJECT-TYPE 487 SYNTAX SnmpAdminString (SIZE(0..32)) 488 MAX-ACCESS not-accessible 489 STATUS current 490 DESCRIPTION 491 "The realm to which dsliteNATBindMappingExtAddress 492 belongs." 493 ::= { dsliteNATBindEntry 3 } 495 dsliteNATBindMappingExtAddressType OBJECT-TYPE 496 SYNTAX InetAddressType 497 MAX-ACCESS not-accessible 498 STATUS current 499 DESCRIPTION 500 "Address type for the mapping's external address. 501 A value other than IPv4(1) would be unexpected." 502 ::= { dsliteNATBindEntry 4 } 504 dsliteNATBindMappingExtAddress OBJECT-TYPE 505 SYNTAX InetAddress (SIZE (0..16)) 506 MAX-ACCESS not-accessible 507 STATUS current 508 DESCRIPTION 509 "The mapping's external address. This is the source 510 address for translated outgoing packets. The address 511 type is given by dsliteNATBindMappingExtAddressType." 512 ::= { dsliteNATBindEntry 5 } 514 dsliteNATBindMappingExtPort OBJECT-TYPE 515 SYNTAX InetPortNumber 516 MAX-ACCESS not-accessible 517 STATUS current 518 DESCRIPTION 519 "The mapping's assigned external port number. 521 This is the source port for translated outgoing 522 packets. This MUST be a non-zero value." 523 ::= { dsliteNATBindEntry 6 } 525 dsliteNATBindMappingIntRealm OBJECT-TYPE 526 SYNTAX SnmpAdminString (SIZE(0..32)) 527 MAX-ACCESS read-only 528 STATUS current 529 DESCRIPTION 530 "The realm to which natMappingIntAddress belongs. This 531 realm defines the IPv6 address space from which the 532 tunnel source address is taken. The realm of the 533 encapsulated IPv4 address is restricted in scope to 534 the tunnel, so there is no point in identifying it 535 separately." 536 ::= { dsliteNATBindEntry 7 } 538 dsliteNATBindMappingIntAddressType OBJECT-TYPE 539 SYNTAX InetAddressType 540 MAX-ACCESS read-only 541 STATUS current 542 DESCRIPTION 543 "Address type of the mapping's internal address. 544 A value other than ipv4z(3) would be unexpected." 545 ::= { dsliteNATBindEntry 8 } 547 dsliteNATBindMappingIntAddress OBJECT-TYPE 548 SYNTAX InetAddress 549 MAX-ACCESS read-only 550 STATUS current 551 DESCRIPTION 552 "The mapping's internal address. It is the IPv6 tunnel 553 source address. The address type is given by 554 dsliteNATBindMappingIntAddressType." 555 ::= { dsliteNATBindEntry 9 } 557 dsliteNATBindMappingIntPort OBJECT-TYPE 558 SYNTAX InetPortNumber 559 MAX-ACCESS read-only 560 STATUS current 561 DESCRIPTION 562 "The mapping's internal port number. This MUST be a non-zero 563 value." 564 ::= { dsliteNATBindEntry 10 } 566 dsliteNATBindMappingPool OBJECT-TYPE 567 SYNTAX Unsigned32 (0|1..4294967295) 568 MAX-ACCESS read-only 569 STATUS current 570 DESCRIPTION 571 "Index of the pool that contains this mapping's external 572 address and port. If zero, no pool is associated with this 573 mapping." 574 ::= { dsliteNATBindEntry 11 } 576 dsliteNATBindMappingMapBehavior OBJECT-TYPE 577 SYNTAX INTEGER{ 578 endpointIndependent (0), 579 addressDependent(1), 580 addressAndPortDependent (2) 581 } 582 MAX-ACCESS read-only 583 STATUS current 584 DESCRIPTION 585 "Mapping behavior as described in [RFC4787] section 4.1. 587 endpointIndependent(0), the behavior REQUIRED by 588 RFC 4787, REQ-1, maps the source address and port to 589 the same external address and port for all destination 590 address and port combinations reached through the same 591 external realm and using the given protocol. 593 addressDependent(1) maps to the same external address 594 and port for all destination ports at the same 595 destination address reached through the same external 596 realm and using the given protocol. 598 addressAndPortDependent(2) maps to a separate external 599 address and port combination for each different 600 destination address and port combination reached 601 through the same external realm. 603 For the DS-Lite scenario, it must be 604 addressAndPortDependent(2)." 605 REFERENCE 606 "Mapping behavior: section 4.1 of RFC 4787. 607 DS-Lite: RFC 6333." 608 ::= { dsliteNATBindEntry 12 } 610 dsliteNATBindMappingFilterBehavior OBJECT-TYPE 611 SYNTAX INTEGER{ 612 endpointIndependent (0), 613 addressDependent(1), 614 addressAndPortDependent (2) 615 } 616 MAX-ACCESS read-only 617 STATUS current 618 DESCRIPTION 619 "Filtering behavior as described in [RFC4787] section 5. 621 endpointIndependent(0) accepts for translation packets 622 from all combinations of remote address and port 623 destined to the mapped external address and port via 624 the given external realm and using the given protocol. 626 addressDependent(1) accepts for translation packets from 627 all remote ports from the same remote source address 628 destined to the mapped external address and port via the 629 given external realm and using the given protocol. 631 addressAndPortDependent(2) accepts for translation only 632 those packets with the same remote source address, port, 633 and protocol incoming from the same external realm as 634 identified when the applicable port map entry was 635 created. 637 RFC 4787, REQ-8 recommends either endpointIndependent(0) 638 or addressDependent(1) filtering behavior depending on 639 whether application friendliness or security takes 640 priority. 642 For the DS-Lite scenario, it must be 643 addressAndPortDependent(2)." 644 REFERENCE 645 "Filtering behavior: section 5 of RFC 4787. 646 DS-Lite: RFC 6333." 647 ::= { dsliteNATBindEntry 13 } 649 dsliteNATBindMappingAddressPooling OBJECT-TYPE 650 SYNTAX INTEGER{ 651 arbitrary (0), 652 paired (1) 653 } 654 MAX-ACCESS read-only 655 STATUS current 656 DESCRIPTION 657 "Type of address pooling behavior that was used to create 658 this mapping. 660 arbitrary(0) pooling behavior means that the NAT instance 661 may create the new port mapping using any address in the 662 pool that has a free port for the protocol concerned. 664 paired(1) pooling behavior, the behavior RECOMMENDED by RFC 665 4787, REQ-2, means that once a given internal address has 666 been mapped to a particular address in a particular pool, 667 further mappings of the same internal address to that pool 668 will reuse the previously assigned pool member address." 669 REFERENCE 670 "Pooling behavior: section 4.1 of RFC 4787." 671 ::= { dsliteNATBindEntry 14 } 673 --dsliteInfo 675 dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 1 } 677 dsliteAFTRAlarmB4AddrType OBJECT-TYPE 678 SYNTAX InetAddressType 679 MAX-ACCESS accessible-for-notify 680 STATUS current 681 DESCRIPTION 682 "This object indicates the address type of 683 the B4 which will send an alarm." 684 ::= { dsliteAFTRAlarmScalar 1 } 686 dsliteAFTRAlarmB4Addr OBJECT-TYPE 687 SYNTAX InetAddress 688 MAX-ACCESS accessible-for-notify 689 STATUS current 690 DESCRIPTION 691 "This object indicates the IP address of 692 B4 which will send an alarm. The address type is 693 given by dsliteAFTRAlarmB4AddrType." 694 ::= { dsliteAFTRAlarmScalar 2 } 696 dsliteAFTRAlarmProtocolType OBJECT-TYPE 697 SYNTAX INTEGER{ 698 tcp (0), 699 udp (1), 700 icmp (2), 701 total (3) 702 } 703 MAX-ACCESS accessible-for-notify 704 STATUS current 705 DESCRIPTION 706 "This object indicates the transport protocol type 707 of alarm. 709 tcp (0) means that the transport protocoal type of 710 alarm is tcp. 712 udp (1) means that the transport protocoal type of 713 alarm is udp. 715 icmp (2) means that the transport protocoal type of 716 alarm is icmp. 718 total (3) means that the transport protocoal type of 719 alarm is total." 720 ::= { dsliteAFTRAlarmScalar 3 } 722 dsliteAFTRAlarmSpecificIPAddrType OBJECT-TYPE 723 SYNTAX InetAddressType 724 MAX-ACCESS accessible-for-notify 725 STATUS current 726 DESCRIPTION 727 "This object indicates the address type of the IP address 728 whose port usage has reached the threshold." 729 ::= { dsliteAFTRAlarmScalar 4 } 731 dsliteAFTRAlarmSpecificIP OBJECT-TYPE 732 SYNTAX InetAddress 733 MAX-ACCESS accessible-for-notify 734 STATUS current 735 DESCRIPTION 736 "This object indicates the IP address whose port usage 737 has reached the threshold. The address type is given by 738 dsliteAFTRAlarmSpecificIPAddrType." 739 ::= { dsliteAFTRAlarmScalar 5 } 741 dsliteAFTRAlarmConnectNumber OBJECT-TYPE 742 SYNTAX Integer32 (60..90) 743 MAX-ACCESS read-write 744 STATUS current 745 DESCRIPTION 746 "This object indicates the notification threshold 747 of the DS-Lite tunnels which is active in 748 the AFTR device." 749 REFERENCE 750 "AFTR: section 6 of RFC 6333." 751 DEFVAL 752 { 60 } 753 ::= { dsliteAFTRAlarmScalar 6 } 755 dsliteAFTRAlarmSessionNumber OBJECT-TYPE 756 SYNTAX Integer32 757 MAX-ACCESS read-write 758 STATUS current 759 DESCRIPTION 760 "This object indicates the notification threshold of 761 the IPv4 session for the user." 762 REFERENCE 763 "AFTR: section 6 of RFC 6333 764 B4: section 5 of RFC 6333." 765 DEFVAL 766 { -1 } 767 ::= { dsliteAFTRAlarmScalar 7 } 769 dsliteAFTRAlarmPortNumber OBJECT-TYPE 770 SYNTAX Integer32 771 MAX-ACCESS read-write 772 STATUS current 773 DESCRIPTION 774 "This object indicates the notification threshold of the NAT 775 ports which have been used by user." 776 DEFVAL 777 { -1 } 778 ::= { dsliteAFTRAlarmScalar 8 } 780 dsliteStatisticsTable OBJECT-TYPE 781 SYNTAX SEQUENCE OF DsliteStatisticsEntry 782 MAX-ACCESS not-accessible 783 STATUS current 784 DESCRIPTION 785 "This table provides statistical information 786 about DS-Lite." 787 ::= { dsliteInfo 2 } 789 dsliteStatisticsEntry OBJECT-TYPE 790 SYNTAX DsliteStatisticsEntry 791 MAX-ACCESS not-accessible 792 STATUS current 793 DESCRIPTION 794 "Ench entry in this table provides statistical information 795 about DS-Lite." 796 INDEX { dsliteStatisticsSubscriberIndex } 797 ::= { dsliteStatisticsTable 1 } 799 DsliteStatisticsEntry ::= 800 SEQUENCE { 801 dsliteStatisticsSubscriberIndex Natv2SubscriberIndex, 802 dsliteStatisticsDiscards Counter64, 803 dsliteStatisticsSends Counter64, 804 dsliteStatisticsReceives Counter64, 805 dsliteStatisticsIpv4Session Counter64, 806 dsliteStatisticsIpv6Session Counter64 807 } 809 dsliteStatisticsSubscriberIndex OBJECT-TYPE 810 SYNTAX Natv2SubscriberIndex 811 MAX-ACCESS not-accessible 812 STATUS current 813 DESCRIPTION 814 "Index of the subscriber or host. A unique value, 815 greater than zero, for each subscriber in the 816 managed system." 817 ::= { dsliteStatisticsEntry 1 } 819 dsliteStatisticsDiscards OBJECT-TYPE 820 SYNTAX Counter64 821 MAX-ACCESS read-only 822 STATUS current 823 DESCRIPTION 824 "This object indicate the number of packets 825 discarded from this subscriber." 826 ::= { dsliteStatisticsEntry 2 } 828 dsliteStatisticsSends OBJECT-TYPE 829 SYNTAX Counter64 830 MAX-ACCESS read-only 831 STATUS current 832 DESCRIPTION 833 "This object indicate the number of packets which is 834 sent to this subscriber." 835 ::= { dsliteStatisticsEntry 3 } 837 dsliteStatisticsReceives OBJECT-TYPE 838 SYNTAX Counter64 839 MAX-ACCESS read-only 840 STATUS current 841 DESCRIPTION 842 "This object indicate the number of packets which is 843 received from this subscriber." 844 ::= { dsliteStatisticsEntry 4 } 846 dsliteStatisticsIpv4Session OBJECT-TYPE 847 SYNTAX Counter64 848 MAX-ACCESS read-only 849 STATUS current 850 DESCRIPTION 851 "This object indicate the number of the 852 current IPv4 Sessions." 853 REFERENCE 854 "Session: the paragraph 2 of RFC 6333 section 11. 855 (The AFTR should have the capability to log the 856 tunnel-id, protocol, ports/IP addresses, and 857 the creation time of the NAT binding to uniquely 858 identify the user sessions)." 859 ::= { dsliteStatisticsEntry 5 } 861 dsliteStatisticsIpv6Session OBJECT-TYPE 862 SYNTAX Counter64 863 MAX-ACCESS read-only 864 STATUS current 865 DESCRIPTION 866 "This object indicates the number of the 867 current IPv6 Session. Because the AFTR is 868 also a dual-stack device, it will also 869 forward normal IPv6 packets for the 870 inbound and outbound direction." 871 REFERENCE 872 "Session: the paragraph 2 of RFC 6333 section 11. 873 (The AFTR should have the capability to log the 874 tunnel-id, protocol, ports/IP addresses, and 875 the creation time of the NAT binding to uniquely 876 identify the user sessions)." 877 ::= { dsliteStatisticsEntry 6 } 879 ---dslite trap 881 dsliteTunnelNumAlarm NOTIFICATION-TYPE 882 OBJECTS { dsliteAFTRAlarmProtocolType, 883 dsliteAFTRAlarmB4AddrType, 884 dsliteAFTRAlarmB4Addr } 885 STATUS current 886 DESCRIPTION 887 "This trap is triggered when the number of 888 current dslite tunnels exceeds the value of 889 dsliteAFTRAlarmConnectNumber." 890 ::= { dsliteTraps 1 } 892 dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE 893 OBJECTS { dsliteAFTRAlarmProtocolType, 894 dsliteAFTRAlarmB4AddrType, 895 dsliteAFTRAlarmB4Addr } 896 STATUS current 897 DESCRIPTION 898 "This trap is triggered when user sessions 899 reach the threshold. The threshold 900 is specified by the dsliteAFTRAlarmSessionNumber." 901 REFERENCE 902 "Session: the paragraph 2 of RFC 6333 section 11. 903 (The AFTR should have the capability to log the 904 tunnel-id, protocol, ports/IP addresses, and 905 the creation time of the NAT binding to uniquely 906 identify the user sessions)." 907 ::= { dsliteTraps 2 } 909 dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE 910 OBJECTS { dsliteAFTRAlarmSpecificIPAddrType, 911 dsliteAFTRAlarmSpecificIP } 912 STATUS current 913 DESCRIPTION 914 "This trap is triggered when the used NAT 915 ports of map address reach the threshold. 916 The threshold is specified by the 917 dsliteAFTRAlarmPortNumber." 918 ::= { dsliteTraps 3 } 920 --Module Conformance statement 922 dsliteConformance OBJECT IDENTIFIER 923 ::= { dsliteMIB 2 } 925 dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 } 927 dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 } 929 -- compliance statements 931 dsliteCompliance MODULE-COMPLIANCE 932 STATUS current 933 DESCRIPTION 934 "Describes the minimal requirements for conformance 935 to the DSLite-MIB." 936 MODULE -- this module 937 MANDATORY-GROUPS { dsliteNATBindGroup, 938 dsliteTunnelGroup, 939 dsliteStatisticsGroup, 940 dsliteTrapsGroup, 941 dsliteAFTRAlarmScalarGroup } 942 ::= { dsliteCompliances 1 } 944 dsliteNATBindGroup OBJECT-GROUP 945 OBJECTS { 946 dsliteNATBindMappingIntRealm, 947 dsliteNATBindMappingIntAddressType, 948 dsliteNATBindMappingIntAddress, 949 dsliteNATBindMappingIntPort, 950 dsliteNATBindMappingPool, 951 dsliteNATBindMappingMapBehavior, 952 dsliteNATBindMappingFilterBehavior, 953 dsliteNATBindMappingAddressPooling } 954 STATUS current 955 DESCRIPTION 956 "A collection of objects to support basic 957 management of NAT binds in the NAT of the AFTR." 958 ::= { dsliteGroups 1 } 960 dsliteTunnelGroup OBJECT-GROUP 961 OBJECTS { dsliteTunnelStartAddPreLen } 962 STATUS current 963 DESCRIPTION 964 "A collection of objects to support management 965 of ds-lite tunnels." 966 ::= { dsliteGroups 2 } 968 dsliteStatisticsGroup OBJECT-GROUP 969 OBJECTS { dsliteStatisticsDiscards, 970 dsliteStatisticsSends, 971 dsliteStatisticsReceives, 972 dsliteStatisticsIpv4Session, 973 dsliteStatisticsIpv6Session } 974 STATUS current 975 DESCRIPTION 976 " A collection of objects to support management 977 of statistical information for AFTR devices." 978 ::= { dsliteGroups 3 } 980 dsliteTrapsGroup NOTIFICATION-GROUP 981 NOTIFICATIONS { dsliteTunnelNumAlarm, 982 dsliteAFTRUserSessionNumAlarm, 983 dsliteAFTRPortUsageOfSpecificIpAlarm } 984 STATUS current 985 DESCRIPTION 986 "A collection of objects to support management 987 of trap information for AFTR devices." 988 ::= { dsliteGroups 4 } 990 dsliteAFTRAlarmScalarGroup OBJECT-GROUP 991 OBJECTS { dsliteAFTRAlarmB4AddrType, 992 dsliteAFTRAlarmB4Addr, 993 dsliteAFTRAlarmProtocolType, 994 dsliteAFTRAlarmSpecificIPAddrType, 995 dsliteAFTRAlarmSpecificIP, 996 dsliteAFTRAlarmConnectNumber, 997 dsliteAFTRAlarmSessionNumber, 998 dsliteAFTRAlarmPortNumber} 999 STATUS current 1000 DESCRIPTION 1001 "A collection of objects to surpport management of 1002 the information about AFTR alarming Scalar." 1003 ::= { dsliteGroups 5 } 1005 END 1007 9. Security Considerations 1009 There are three objects defined in this MIB module with a MAX-ACCESS 1010 clause of read-write. Such objects may be considered sensitive or 1011 vulnerable in some network environments. The support for SET 1012 operations in a non-secure environment without proper protection 1013 opens devices to attack. These are the tables and objects and their 1014 sensitivity/vulnerability: 1016 Notification thresholds: An attacker setting an arbitrarily low 1017 threshold can cause many useless notifications to be generated. 1018 Setting an arbitrarily high threshold can effectively disable 1019 notifications, which could be used to hide another attack. 1021 dsliteAFTRAlarmConnectNumber 1023 dsliteAFTRAlarmSessionNumber 1025 dsliteAFTRAlarmPortNumber 1027 Some of the readable objects in this MIB module (i.e., objects with a 1028 MAX-ACCESS other than not-accessible) may be considered sensitive or 1029 vulnerable in some network environments. It is thus important to 1030 control even GET and/or NOTIFY access to these objects and possibly 1031 to even encrypt the values of these objects when sending them over 1032 the network via SNMP. These are the tables and objects and their 1033 sensitivity/vulnerability: 1035 Objects that reveal host identities: Various objects can reveal the 1036 identity of private hosts that are engaged in a session with external 1037 end nodes. A curious outsider could monitor these to assess the 1038 number of private hosts being supported by the AFTR device. Further, 1039 a disgruntled former employee of an enterprise could use the 1040 information to break into specific private hosts by intercepting the 1041 existing sessions or originating new sessions into the host. If 1042 nothing else, unauthorized monitoring of these objects will violate 1043 individual subscribers' privacy. 1045 entries in dsliteTunnelTable 1047 entries in dsliteNATBindTable 1049 Unauthorized read access to the dsliteTunnelTable would reveal 1050 information about the tunnel topology. 1052 SNMP versions prior to SNMPv3 did not include adequate security. 1053 Even if the network itself is secure (for example by using IPSec), 1054 there is no control as to who on the secure network is allowed to 1055 access and GET/SET (read/change/create/delete) the objects in this 1056 MIB module. 1058 Implementations SHOULD provide the security features described by the 1059 SNMPv3 framework (see [RFC3410]), and implementations claiming 1060 compliance to the SNMPv3 standard MUST include full support for 1061 authentication and privacy via the User-based Security Model (USM) 1062 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations 1063 MAY also provide support for the Transport Security Model (TSM) 1064 [RFC5591] in combination with a secure transport such as SSH 1065 [RFC5592] or TLS/DTLS [RFC6353]. 1067 Further, deployment of SNMP versions prior to SNMPv3 is NOT 1068 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 1069 enable cryptographic security. It is then a customer/operator 1070 responsibility to ensure that the SNMP entity giving access to an 1071 instance of this MIB module is properly configured to give access to 1072 the objects only to those principals (users) that have legitimate 1073 rights to indeed GET or SET (change/create/delete) them. 1075 10. IANA Considerations 1077 The MIB module in this document uses the following IANA-assigned 1078 OBJECT IDENTIFIER value recorded in the SMI Numbers registry, and the 1079 following IANA-assigned tunnelType value recorded in the 1080 IANAtunnelType-MIB registry: 1082 Descriptor OBJECT IDENTIFIER value 1083 ---------- ----------------------- 1084 DSLite-MIB { mib-2 XXX } 1086 IANAtunnelType ::= TEXTUAL-CONVENTION 1088 SYNTAX INTEGER { 1090 dsLite ("XX") -- dslite tunnel 1092 } 1094 11. Acknowledgements 1096 The authors would like to thanks the valuable comments made by Suresh 1097 Krishnan, Ian Farrer, Yiu Lee, Qi Sun, Yong Cui, David Harrington, 1098 Dave Thaler, Tassos Chatzithomaoglou, Tom Taylor, Hui Deng, Carlos 1099 Pignataro, Matt Miller, Terry Manderson and other members of The 1100 SOFTWIRE WG. 1102 This document was produced using the xml2rfc tool [RFC2629]. 1104 12. References 1106 12.1. Normative References 1108 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1109 Requirement Levels", BCP 14, RFC 2119, 1110 DOI 10.17487/RFC2119, March 1997, 1111 . 1113 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1114 Schoenwaelder, Ed., "Structure of Management Information 1115 Version 2 (SMIv2)", STD 58, RFC 2578, 1116 DOI 10.17487/RFC2578, April 1999, 1117 . 1119 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1120 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 1121 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 1122 . 1124 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 1125 MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, 1126 . 1128 [RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An 1129 Architecture for Describing Simple Network Management 1130 Protocol (SNMP) Management Frameworks", STD 62, RFC 3411, 1131 DOI 10.17487/RFC3411, December 2002, 1132 . 1134 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 1135 Schoenwaelder, "Textual Conventions for Internet Network 1136 Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, 1137 . 1139 [RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, 1140 DOI 10.17487/RFC4087, June 2005, 1141 . 1143 [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address 1144 Translation (NAT) Behavioral Requirements for Unicast 1145 UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January 1146 2007, . 1148 [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- 1149 Stack Lite Broadband Deployments Following IPv4 1150 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, 1151 . 1153 [RFC7659] Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor, 1154 "Definitions of Managed Objects for Network Address 1155 Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659, 1156 October 2015, . 1158 12.2. Informative References 1160 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 1161 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 1162 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 1163 . 1165 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1166 DOI 10.17487/RFC2629, June 1999, 1167 . 1169 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 1170 "Introduction and Applicability Statements for Internet- 1171 Standard Management Framework", RFC 3410, 1172 DOI 10.17487/RFC3410, December 2002, 1173 . 1175 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 1176 (USM) for version 3 of the Simple Network Management 1177 Protocol (SNMPv3)", STD 62, RFC 3414, 1178 DOI 10.17487/RFC3414, December 2002, 1179 . 1181 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The 1182 Advanced Encryption Standard (AES) Cipher Algorithm in the 1183 SNMP User-based Security Model", RFC 3826, 1184 DOI 10.17487/RFC3826, June 2004, 1185 . 1187 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 1188 for the Simple Network Management Protocol (SNMP)", 1189 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 1190 . 1192 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 1193 Shell Transport Model for the Simple Network Management 1194 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 1195 2009, . 1197 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 1198 Model for the Simple Network Management Protocol (SNMP)", 1199 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 1200 . 1202 Authors' Addresses 1204 Yu Fu 1205 CNNIC 1206 No.4 South 4th Street, Zhongguancun 1207 Hai-Dian District, Beijing, 100190 1208 P.R. China 1210 Email: fuyu@cnnic.cn 1212 Sheng Jiang 1213 Huawei Technologies Co., Ltd 1214 Q14, Huawei Campus, No.156 Beiqing Road 1215 Hai-Dian District, Beijing, 100095 1216 P.R. China 1218 Email: jiangsheng@huawei.com 1220 Jiang Dong 1221 Tsinghua University 1222 Department of Computer Science, Tsinghua University 1223 Beijing 100084 1224 P.R. China 1226 Email: knight.dongjiang@gmail.com 1228 Yuchi Chen 1229 Tsinghua University 1230 Department of Computer Science, Tsinghua University 1231 Beijing 100084 1232 P.R. China 1234 Email: flashfoxmx@gmail.com