Internet Engineering Task Force                                    Y. Fu
Internet-Draft                                                     CNNIC
Intended status: Standards Track                                S. Jiang
Expires: July 6, 2016                       Huawei Technologies Co., Ltd
                                                                 J. Dong
                                                                 Y. Chen
                                                     Tsinghua University
                                                         January 3, 2016

          DS-Lite Management Information Base (MIB) for AFTRs
                   draft-ietf-softwire-dslite-mib-15

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for use with network management protocols in the Internet
   community.
   In particular, it defines managed objects for Address
   Family Transition Routers (AFTRs) of Dual-Stack Lite (DS-Lite).

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 6, 2016.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Requirements Language
   3.  The Internet-Standard Management Framework
   4.  Relationship to the IF-MIB
   5.  Difference from the IP tunnel MIB and NATV2-MIB
   6.  Structure of the MIB Module
     6.1.  The Object Group
       6.1.1.  The dsliteTunnel Subtree
       6.1.2.  The dsliteNAT Subtree
       6.1.3.  The dsliteInfo Subtree
     6.2.  The Notification Group
     6.3.  The Conformance Group
   7.  MIB modules required for IMPORTS
   8.  Definitions
   9.  Security Considerations
   10. IANA Considerations
   11. Acknowledgements
   12. References
     12.1.  Normative References
     12.2.  Informative References
   Authors' Addresses

1.  Introduction

   Dual-Stack Lite [RFC6333] is a solution to offer both IPv4 and IPv6
   connectivity to customers crossing an IPv6-only infrastructure.  One
   of its key components is an IPv4-over-IPv6 tunnel, which is used to
   provide IPv4 connectivity across a service provider's IPv6 network.
   Another key component is a carrier-grade IPv4-IPv4 Network Address
   Translation (NAT) to share service provider IPv4 addresses among
   customers.

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  This MIB module may be used for configuration and
   monitoring of Address Family Transition Routers (AFTRs) in a
   Dual-Stack Lite scenario.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119] when they appear in ALL CAPS.  When these words are not in
   ALL CAPS (such as "should" or "Should"), they have their usual
   English meanings, and are not to be interpreted as [RFC2119] key
   words.

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in
   [RFC2578], [RFC2579] and [RFC2580].

4.  Relationship to the IF-MIB

   The Interfaces MIB [RFC2863] defines generic managed objects for
   managing interfaces.  Each logical interface (physical or virtual)
   has an ifEntry.  Tunnels are handled by creating a logical interface
   (ifEntry) for each tunnel.  Each DS-Lite tunnel endpoint also acts as
   a virtual interface, which has a corresponding entry in the IP Tunnel
   MIB and Interface MIB.  Those corresponding entries are indexed by
   ifIndex.

   The ifOperStatus in ifTable is used to represent whether the DS-Lite
   tunnel function has been triggered.  The ifInUcastPkts defined in
   ifTable will represent the number of IPv4 packets that have been
   encapsulated into IPv6 packets sent to a B4.  The ifOutUcastPkts
   defined in ifTable contains the number of IPv6 packets that can be
   decapsulated to IPv4 in the virtual interface.
   Also, the IF-MIB defines ifMtu for the MTU of this tunnel interface,
   so the DS-Lite MIB does not need to define the MTU for the tunnel.

5.  Difference from the IP tunnel MIB and NATV2-MIB

   The key technologies for DS-Lite are IP in IP (IPv4-in-IPv6) tunnels
   and NAT (IPv4 to IPv4 translation).

   Notes: According to section 5.2 of [RFC6333], DS-Lite only defines
   IPv4 in IPv6 tunnels at this moment, but other types of encapsulation
   could be defined in the future.  So this DS-Lite MIB only supports IP
   in IP encapsulation.  If another RFC defines other tunnel types in
   the future, this DS-Lite MIB will be updated then.

   The NATV2-MIB [RFC7659] is designed to carry translation from any
   address family to any address family, therefore it supports IPv4 to
   IPv4 translation.

   The IP Tunnel MIB [RFC4087] is designed for managing tunnels of any
   type over IPv4 and IPv6 networks, therefore it already supports
   IP in IP tunnels.  But in a DS-Lite scenario, the tunnel type is
   point-to-multipoint IP in IP tunnels.  The direct(2) value defined in
   the IP Tunnel MIB only supports point-to-point tunnels, so a new
   tunnel type needs to be defined for DS-Lite.

   However, the NATV2-MIB and IP Tunnel MIB together are not sufficient
   to support DS-Lite.  This document describes the specific features
   for the DS-Lite MIB, as below.

   In the DS-Lite scenario, the Address Family Transition Router (AFTR)
   is not only the tunnel end concentrator, but also an IPv4-to-IPv4
   NAT.  So as defined in [RFC6333], when the IPv4 packets come back
   from the Internet to the AFTR, it knows how to reconstruct the IPv6
   encapsulation by doing a reverse lookup in the extended IPv4 NAT
   binding table (section 6.6 of [RFC6333]).  The NAT binding table in
   the AFTR is extended to include the IPv6 address of the tunnel
   initiator.
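
The reverse lookup described above, as an added example that is not part of the draft: a constructed Python model of an extended binding table in which two B4s use the same private IPv4 address and port, so only the tunnel source address tells them apart. The class and function names, the sequential port allocator and the documentation-range addresses are assumptions; `mib_index` orders its fields as in the INDEX clause of dsliteNATBindEntry in Section 8.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address
from typing import Dict, Optional, Tuple

TCP, UDP = 6, 17  # IANA protocol numbers


@dataclass(frozen=True)
class Binding:
    b4_addr: IPv6Address   # tunnel initiator: the DS-Lite extension to the NAT entry
    int_addr: IPv4Address  # subscriber's private IPv4 source (may overlap between B4s)
    int_port: int
    proto: int
    ext_addr: IPv4Address  # shared service-provider IPv4 address
    ext_port: int


class AftrBindingTable:
    """Constructed model: one external address, sequential port allocation."""

    def __init__(self, ext_addr: str, first_port: int = 1024, last_port: int = 65535):
        self.ext_addr = IPv4Address(ext_addr)
        self._next, self._last = first_port, last_port
        self._by_internal: Dict[Tuple, Binding] = {}
        self._by_external: Dict[Tuple, Binding] = {}

    def outbound(self, b4_addr: str, int_addr: str, int_port: int, proto: int) -> Binding:
        """Find or create the binding for a decapsulated IPv4 flow from a B4."""
        if not 1 <= int_port <= 65535:
            raise ValueError("internal port must be non-zero")
        # The tunnel source is part of the key, so equal private addresses
        # behind different B4s never share a binding.
        key = (IPv6Address(b4_addr), IPv4Address(int_addr), int_port, proto)
        binding = self._by_internal.get(key)
        if binding is not None:
            return binding
        if self._next > self._last:
            raise RuntimeError("external port pool exhausted")
        binding = Binding(key[0], key[1], int_port, proto, self.ext_addr, self._next)
        self._next += 1
        self._by_internal[key] = binding
        self._by_external[(proto, binding.ext_addr, binding.ext_port)] = binding
        return binding

    def inbound(self, proto: int, dst_addr: str, dst_port: int) -> Optional[Binding]:
        """Reverse lookup for a packet from the Internet; None means no binding."""
        return self._by_external.get((proto, IPv4Address(dst_addr), dst_port))


def mib_index(b: Binding, instance: int, ext_realm: str, if_index: int) -> tuple:
    """Order the fields as in the INDEX clause of dsliteNATBindEntry."""
    ipv4 = 1  # InetAddressType ipv4(1)
    return (instance, b.proto, ext_realm, ipv4, str(b.ext_addr), b.ext_port,
            if_index, str(b.b4_addr))


if __name__ == "__main__":
    table = AftrBindingTable("192.0.2.1")
    for b4 in ("2001:db8::1", "2001:db8::2"):
        b = table.outbound(b4, "192.168.1.2", 5000, UDP)
        back = table.inbound(UDP, "192.0.2.1", b.ext_port)
        print(f"{b.int_addr}:{b.int_port} via {b4} -> {b.ext_addr}:{b.ext_port}; "
              f"return traffic re-encapsulated to {back.b4_addr}")
```
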
   However, the NAT binding information defined in NATV2-MIB
   as natv2PortMapTable is indexed by the NAT instance, protocol, and
   external realm and address.  Because the tunnelIfTable defined in the
   TUNNEL-MIB [RFC4087] is indexed by the ifIndex, the DS-Lite-MIB needs
   to define the tunnel objects to extend the NAT binding entry by
   interface.  Therefore, a combined MIB is necessary.

   An implementation of the IP Tunnel MIB is required for DS-Lite.  As
   the tunnel is not point-to-point in DS-Lite, a new tunnel type needs
   to be defined for DS-Lite.  The tunnelIfEncapsMethod in the
   tunnelIfEntry should be set to dsLite ("xx"), and a corresponding
   entry in the DS-Lite module will exist for every tunnelIfEntry with
   this tunnelIfEncapsMethod.  The tunnelIfRemoteInetAddress must be set
   to "::".

6.  Structure of the MIB Module

   The DS-Lite MIB provides a way to monitor and manage the devices
   (AFTRs) in a DS-Lite scenario through SNMP.

   The DS-Lite MIB is configurable on a per-interface basis.  It depends
   on several parts of the IF-MIB [RFC2863], IP Tunnel MIB [RFC4087],
   and NATV2-MIB [RFC7659].

6.1.  The Object Group

   This group defines objects that are needed for the DS-Lite MIB.

6.1.1.  The dsliteTunnel Subtree

   The dsliteTunnel subtree describes managed objects used for managing
   tunnels in the DS-Lite scenario.  Because the
   tunnelInetConfigLocalAddress and tunnelInetConfigRemoteAddress
   defined in the IP Tunnel MIB are not readable, a few new objects are
   defined in the DS-Lite MIB.

6.1.2.  The dsliteNAT Subtree

   The dsliteNAT subtree describes managed objects used for
   configuration as well as monitoring of an AFTR which is capable of a
   NAT function.  Because the NATV2-MIB supports the NAT management
   function in DS-Lite, we may reuse it in the DS-Lite MIB.
   The dsliteNAT subtree also provides the mapping information between
   the tunnel entry (dsliteTunnelEntry) and the NAT entry
   (dsliteNATBindEntry) by adding the IPv6 address of the B4 to the
   natv2PortMapEntry in the NATV2-MIB.

6.1.3.  The dsliteInfo Subtree

   The dsliteInfo subtree provides statistical information for DS-Lite.

6.2.  The Notification Group

   This group defines some notification objects for a DS-Lite scenario.

6.3.  The Conformance Group

   The dsliteConformance subtree provides conformance information of MIB
   objects.

7.  MIB modules required for IMPORTS

   This MIB module IMPORTs objects from [RFC2578], [RFC2580], [RFC2863],
   [RFC3411], [RFC4001] and [RFC7659].

8.  Definitions

   DSLite-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, mib-2,
       NOTIFICATION-TYPE, Integer32,
       Counter64, Unsigned32
           FROM SNMPv2-SMI

       OBJECT-GROUP, MODULE-COMPLIANCE,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF

       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB

       ifIndex
           FROM IF-MIB

       InetAddress, InetAddressType, InetAddressPrefixLength,
       InetPortNumber
           FROM INET-ADDRESS-MIB

       ProtocolNumber, Natv2InstanceIndex, Natv2SubscriberIndex
           FROM NATV2-MIB;

   dsliteMIB MODULE-IDENTITY
       LAST-UPDATED "201601030000Z"        -- January 03, 2016
       ORGANIZATION "IETF Softwire Working Group"
       CONTACT-INFO
          "Yu Fu
           CNNIC
           No.4 South 4th Street, Zhongguancun, Hai-Dian District
           Beijing, P.R. China 100090
           EMail: fuyu@cnnic.cn

           Sheng Jiang
           Huawei Technologies Co., Ltd
           Huawei Building, 156 Beiqing Rd., Hai-Dian District
           Beijing, P.R. China 100095
           EMail: jiangsheng@huawei.com

           Jiang Dong
           Tsinghua University
           Department of Computer Science, Tsinghua University
           Beijing 100084
           P.R. China
           Email: knight.dongjiang@gmail.com

           Yuchi Chen
           Tsinghua University
           Department of Computer Science, Tsinghua University
           Beijing 100084
           P.R. China
           Email: flashfoxmx@gmail.com"

       DESCRIPTION
          "The MIB module is defined for management of objects in the
           DS-Lite scenario.
           Copyright (C) The Internet Society (2016).  This version
           of this MIB module is part of RFC yyyy; see the RFC itself
           for full legal notices."
       REVISION    "201601030000Z"
       DESCRIPTION
          "Initial version.  Published as RFC xxxx."
       -- RFC Ed.: RFC Editor, please fill in xxxx
       ::= { mib-2 xxx }
       -- RFC Ed.: assigned by IANA, see section 10 for details

   -- Top level components of this MIB module

   dsliteMIBObjects OBJECT IDENTIFIER
       ::= { dsliteMIB 1 }
   dsliteTunnel OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 1 }

   dsliteNAT OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 2 }

   dsliteInfo OBJECT IDENTIFIER
       ::= { dsliteMIBObjects 3 }

   -- Notifications section

   dsliteNotifications OBJECT IDENTIFIER
       ::= { dsliteMIB 0 }

   -- dsliteTunnel

   -- dsliteTunnelTable

   dsliteTunnelTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The (conceptual) table containing information on
           configured tunnels.  This table can be used to map
           a B4 address to the associated AFTR address.  It can
           also be used for row creation."
       REFERENCE
          "B4, AFTR: RFC6333."
       ::= { dsliteTunnel 1 }

   dsliteTunnelEntry OBJECT-TYPE
       SYNTAX      DsliteTunnelEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "Each entry in this table contains the information on a
           particular configured tunnel."
       INDEX { dsliteTunnelAddressType,
               dsliteTunnelStartAddress,
               dsliteTunnelEndAddress,
               ifIndex }
       ::= { dsliteTunnelTable 1 }

   DsliteTunnelEntry ::=
       SEQUENCE {
           dsliteTunnelAddressType       InetAddressType,
           dsliteTunnelStartAddress      InetAddress,
           dsliteTunnelEndAddress        InetAddress,
           dsliteTunnelStartAddPreLen    InetAddressPrefixLength
       }

   dsliteTunnelAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object MUST be set to the value of ipv6(2).
           It describes the address type of the IPv4-in-IPv6
           tunnel initiator and endpoint."
       REFERENCE
          "ipv6(2): RFC4001."
       ::= { dsliteTunnelEntry 1 }

   dsliteTunnelStartAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (0..16))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The IPv6 address of the initiator of the tunnel.
           The address type is given by dsliteTunnelAddressType."
       ::= { dsliteTunnelEntry 2 }

   dsliteTunnelEndAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (0..16))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The IPv6 address of the endpoint of the tunnel.
           The address type is given by dsliteTunnelAddressType."
       ::= { dsliteTunnelEntry 3 }

   dsliteTunnelStartAddPreLen OBJECT-TYPE
       SYNTAX      InetAddressPrefixLength
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The IPv6 prefix length of the IP address for the
           initiator of the tunnel (dsliteTunnelStartAddress)."
       ::= { dsliteTunnelEntry 4 }

   -- dsliteNATBindTable (according to the NAPT scheme)

   dsliteNATBindTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteNATBindEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This table contains information about currently
           active NAT binds in the NAT of the AFTR.  This table
           adds the IPv6 address of a B4 to the natv2PortMapTable
           defined in NATV2-MIB (RFC7659)."
       REFERENCE
          "NATV2-MIB: section 4 of RFC7659."
       ::= { dsliteNAT 1 }

   dsliteNATBindEntry OBJECT-TYPE
       SYNTAX      DsliteNATBindEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The entry in this table holds the mapping relationship
           between tunnel information and NAT bind information.
           Each entry in this table not only needs to match a
           corresponding entry in the natv2PortMapTable but
           also a corresponding entry in the dsliteTunnelTable.
           So the INDEX of the entry needs to match a corresponding
           value in the natv2PortMapTable INDEX and a corresponding
           value in the dsliteTunnelTable INDEX.  These entries are
           lost upon agent restart."
       REFERENCE
          "natv2PortMapTable: section 4 of RFC7659."
       INDEX { dsliteNATBindMappingInstanceIndex,
               dsliteNATBindMappingProto,
               dsliteNATBindMappingExtRealm,
               dsliteNATBindMappingExtAddressType,
               dsliteNATBindMappingExtAddress,
               dsliteNATBindMappingExtPort,
               ifIndex,
               dsliteTunnelStartAddress }
       ::= { dsliteNATBindTable 1 }

   DsliteNATBindEntry ::=
       SEQUENCE {
           dsliteNATBindMappingInstanceIndex   Natv2InstanceIndex,
           dsliteNATBindMappingProto           ProtocolNumber,
           dsliteNATBindMappingExtRealm        SnmpAdminString,
           dsliteNATBindMappingExtAddressType  InetAddressType,
           dsliteNATBindMappingExtAddress      InetAddress,
           dsliteNATBindMappingExtPort         InetPortNumber,
           dsliteNATBindMappingIntRealm        SnmpAdminString,
           dsliteNATBindMappingIntAddressType  InetAddressType,
           dsliteNATBindMappingIntAddress      InetAddress,
           dsliteNATBindMappingIntPort         InetPortNumber,
           dsliteNATBindMappingPool            Unsigned32,
           dsliteNATBindMappingMapBehavior     INTEGER,
           dsliteNATBindMappingFilterBehavior  INTEGER,
           dsliteNATBindMappingAddressPooling  INTEGER
       }

   dsliteNATBindMappingInstanceIndex OBJECT-TYPE
       SYNTAX      Natv2InstanceIndex
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "Index of the NAT instance that created this port
           map entry."
       ::= { dsliteNATBindEntry 1 }

   dsliteNATBindMappingProto OBJECT-TYPE
       SYNTAX      ProtocolNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This object specifies the mapping's transport protocol
           number."
       ::= { dsliteNATBindEntry 2 }

   dsliteNATBindMappingExtRealm OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(0..32))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The realm to which dsliteNATBindMappingExtAddress
           belongs."
       ::= { dsliteNATBindEntry 3 }

   dsliteNATBindMappingExtAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "Address type for the mapping's external address.
           This object MUST be set to the value of ipv4(1).
           The values of ipv6(2), ipv4z(3) and ipv6z(4) are
           not allowed."
       REFERENCE
          "ipv4(1), ipv6(2), ipv4z(3) and ipv6z(4): RFC4001."
       ::= { dsliteNATBindEntry 4 }

   dsliteNATBindMappingExtAddress OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (0..4))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The mapping's external address.  This is the source
           address for translated outgoing packets.  The address
           type is given by dsliteNATBindMappingExtAddressType."
       ::= { dsliteNATBindEntry 5 }

   dsliteNATBindMappingExtPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "The mapping's assigned external port number.
           This is the source port for translated outgoing
           packets.  This MUST be a non-zero value."
       ::= { dsliteNATBindEntry 6 }

   dsliteNATBindMappingIntRealm OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(0..32))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The realm to which natMappingIntAddress belongs.  This
           realm defines the IPv6 address space from which the
           tunnel source address is taken.
           The realm of the encapsulated IPv4 address is restricted
           in scope to the tunnel, so there is no point in
           identifying it separately."
       ::= { dsliteNATBindEntry 7 }

   dsliteNATBindMappingIntAddressType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Address type of the mapping's internal address.
           This object MUST be set to the value of ipv4z(3).
           The values of ipv4(1), ipv6(2) and ipv6z(4) are
           not allowed."
       REFERENCE
          "ipv4(1), ipv6(2), ipv4z(3) and ipv6z(4): RFC4001."
       ::= { dsliteNATBindEntry 8 }

   dsliteNATBindMappingIntAddress OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The mapping's internal address.  It is the IPv6 tunnel
           source address.  The address type is given by
           dsliteNATBindMappingIntAddressType."
       ::= { dsliteNATBindEntry 9 }

   dsliteNATBindMappingIntPort OBJECT-TYPE
       SYNTAX      InetPortNumber
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "The mapping's internal port number.  This MUST be a non-zero
           value."
       ::= { dsliteNATBindEntry 10 }

   dsliteNATBindMappingPool OBJECT-TYPE
       SYNTAX      Unsigned32 (0|1..4294967295)
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Index of the pool that contains this mapping's external
           address and port.  If zero, no pool is associated with this
           mapping."
       ::= { dsliteNATBindEntry 11 }

   dsliteNATBindMappingMapBehavior OBJECT-TYPE
       SYNTAX      INTEGER {
                       endpointIndependent (0),
                       addressDependent (1),
                       addressAndPortDependent (2)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Mapping behavior as described in [RFC4787] section 4.1.

           endpointIndependent(0), the behavior REQUIRED by
           RFC4787, REQ-1, maps the source address and port to
           the same external address and port for all destination
           address and port combinations reached through the same
           external realm and using the given protocol.

           addressDependent(1) maps to the same external address
           and port for all destination ports at the same
           destination address reached through the same external
           realm and using the given protocol.

           addressAndPortDependent(2) maps to a separate external
           address and port combination for each different
           destination address and port combination reached
           through the same external realm.

           For the DS-Lite scenario, it must be
           addressAndPortDependent(2)."
       REFERENCE
          "Mapping behavior: section 4.1 of RFC4787.
           DS-Lite: RFC 6333."
       ::= { dsliteNATBindEntry 12 }

   dsliteNATBindMappingFilterBehavior OBJECT-TYPE
       SYNTAX      INTEGER {
                       endpointIndependent (0),
                       addressDependent (1),
                       addressAndPortDependent (2)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Filtering behavior as described in [RFC4787] section 5.

           endpointIndependent(0) accepts for translation packets
           from all combinations of remote address and port
           destined to the mapped external address and port via
           the given external realm and using the given protocol.

           addressDependent(1) accepts for translation packets from
           all remote ports from the same remote source address
           destined to the mapped external address and port via the
           given external realm and using the given protocol.

           addressAndPortDependent(2) accepts for translation only
           those packets with the same remote source address, port,
           and protocol incoming from the same external realm as
           identified when the applicable port map entry was
           created.

           RFC 4787, REQ-8 recommends either endpointIndependent(0)
           or addressDependent(1) filtering behavior depending on
           whether application friendliness or security takes
           priority.

           For the DS-Lite scenario, it must be
           addressAndPortDependent(2)."
       REFERENCE
          "Filtering behavior: section 5 of RFC4787.
           DS-Lite: RFC6333."
       ::= { dsliteNATBindEntry 13 }

   dsliteNATBindMappingAddressPooling OBJECT-TYPE
       SYNTAX      INTEGER {
                       arbitrary (0),
                       paired (1)
                   }
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "Type of address pooling behavior that was used to create
           this mapping.

           arbitrary(0) pooling behavior means that the NAT instance
           may create the new port mapping using any address in the
           pool that has a free port for the protocol concerned.

           paired(1) pooling behavior, the behavior RECOMMENDED by RFC
           4787, REQ-2, means that once a given internal address has
           been mapped to a particular address in a particular pool,
           further mappings of the same internal address to that pool
           will reuse the previously assigned pool member address."
       REFERENCE
          "Pooling behavior: section 4.1 of RFC4787."
       ::= { dsliteNATBindEntry 14 }

   -- dsliteInfo

   dsliteAFTRAlarmScalar OBJECT IDENTIFIER ::= { dsliteInfo 1 }

   dsliteAFTRAlarmB4AddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
          "This object indicates the address type of
           the B4 which will send an alarm."
       ::= { dsliteAFTRAlarmScalar 1 }

   dsliteAFTRAlarmB4Addr OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
          "This object indicates the IP address of
           B4 which will send an alarm.  The address type is
           given by dsliteAFTRAlarmB4AddrType."
       ::= { dsliteAFTRAlarmScalar 2 }

   dsliteAFTRAlarmProtocolType OBJECT-TYPE
       SYNTAX      INTEGER {
                       tcp (0),
                       udp (1),
                       icmp (2),
                       total (3)
                   }
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
          "This object indicates the transport protocol type
           of alarm.

           tcp (0) means that the transport protocol type of
           alarm is tcp.

           udp (1) means that the transport protocol type of
           alarm is udp.

           icmp (2) means that the transport protocol type of
           alarm is icmp.

           total (3) means that the transport protocol type of
           alarm is total."
       ::= { dsliteAFTRAlarmScalar 3 }

   dsliteAFTRAlarmSpecificIPAddrType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
          "This object indicates the address type of the IP address
           whose port usage has reached the threshold."
       ::= { dsliteAFTRAlarmScalar 4 }

   dsliteAFTRAlarmSpecificIP OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  accessible-for-notify
       STATUS      current
       DESCRIPTION
          "This object indicates the IP address whose port usage
           has reached the threshold.  The address type is given by
           dsliteAFTRAlarmSpecificIPAddrType."
       ::= { dsliteAFTRAlarmScalar 5 }

   dsliteAFTRAlarmConnectNumber OBJECT-TYPE
       SYNTAX      Integer32 (60..90)
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "This object indicates the notification threshold
           of the DS-Lite tunnels which are active in
           the AFTR device."
       REFERENCE
          "AFTR: section 6 of RFC6333."
       DEFVAL
          { 60 }
       ::= { dsliteAFTRAlarmScalar 6 }

   dsliteAFTRAlarmSessionNumber OBJECT-TYPE
       SYNTAX      Integer32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "This object indicates the notification threshold of
           the IPv4 session for the user."
       REFERENCE
          "AFTR: section 6 of RFC6333
           B4: section 5 of RFC6333."
       DEFVAL
          { -1 }
       ::= { dsliteAFTRAlarmScalar 7 }

   dsliteAFTRAlarmPortNumber OBJECT-TYPE
       SYNTAX      Integer32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
          "This object indicates the notification threshold of the NAT
           ports which have been used by user."
       DEFVAL
          { -1 }
       ::= { dsliteAFTRAlarmScalar 8 }

   dsliteStatisticsTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF DsliteStatisticsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "This table provides statistical information
           about DS-Lite."
       ::= { dsliteInfo 2 }

   dsliteStatisticsEntry OBJECT-TYPE
       SYNTAX      DsliteStatisticsEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "Each entry in this table provides statistical information
           about DS-Lite."
       INDEX { dsliteStatisticsSubscriberIndex }
       ::= { dsliteStatisticsTable 1 }

   DsliteStatisticsEntry ::=
       SEQUENCE {
           dsliteStatisticsSubscriberIndex  Natv2SubscriberIndex,
           dsliteStatisticsDiscards         Counter64,
           dsliteStatisticsSends            Counter64,
           dsliteStatisticsReceives         Counter64,
           dsliteStatisticsIpv4Session      Counter64,
           dsliteStatisticsIpv6Session      Counter64
       }

   dsliteStatisticsSubscriberIndex OBJECT-TYPE
       SYNTAX      Natv2SubscriberIndex
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
          "Index of the subscriber or host.  A unique value,
           greater than zero, for each subscriber in the
           managed system."
       ::= { dsliteStatisticsEntry 1 }

   dsliteStatisticsDiscards OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object indicates the number of packets
           discarded from this subscriber."
       ::= { dsliteStatisticsEntry 2 }

   dsliteStatisticsSends OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object indicates the number of packets which are
           sent to this subscriber."
       ::= { dsliteStatisticsEntry 3 }

   dsliteStatisticsReceives OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object indicates the number of packets which are
           received from this subscriber."
       ::= { dsliteStatisticsEntry 4 }

   dsliteStatisticsIpv4Session OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object indicates the number of the
           current IPv4 Sessions."
       REFERENCE
          "Session: the paragraph 2 of RFC6333 section 11.
           (The AFTR should have the capability to log the
           tunnel-id, protocol, ports/IP addresses, and
           the creation time of the NAT binding to uniquely
           identify the user sessions)."
       ::= { dsliteStatisticsEntry 5 }

   dsliteStatisticsIpv6Session OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
          "This object indicates the number of the
           current IPv6 Session.  Because the AFTR is
           also a dual-stack device, it will also
           forward normal IPv6 packets for the
           inbound and outbound direction."
       REFERENCE
          "Session: the paragraph 2 of RFC6333 section 11.
           (The AFTR should have the capability to log the
           tunnel-id, protocol, ports/IP addresses, and
           the creation time of the NAT binding to uniquely
           identify the user sessions)."
       ::= { dsliteStatisticsEntry 6 }

   -- dslite Notifications

   dsliteTunnelNumAlarm NOTIFICATION-TYPE
       OBJECTS { dsliteAFTRAlarmProtocolType,
                 dsliteAFTRAlarmB4AddrType,
                 dsliteAFTRAlarmB4Addr }
       STATUS      current
       DESCRIPTION
          "This trap is triggered when the number of
           current dslite tunnels exceeds the value of
           dsliteAFTRAlarmConnectNumber."
       ::= { dsliteNotifications 1 }

   dsliteAFTRUserSessionNumAlarm NOTIFICATION-TYPE
       OBJECTS { dsliteAFTRAlarmProtocolType,
                 dsliteAFTRAlarmB4AddrType,
                 dsliteAFTRAlarmB4Addr }
       STATUS current
       DESCRIPTION
          "This trap is triggered when user sessions
          reach the threshold. The threshold
          is specified by the dsliteAFTRAlarmSessionNumber."
       REFERENCE
          "Session: the paragraph 2 of RFC6333 section 11.
          (The AFTR should have the capability to log the
          tunnel-id, protocol, ports/IP addresses, and
          the creation time of the NAT binding to uniquely
          identify the user sessions)."
       ::= { dsliteNotifications 2 }

   dsliteAFTRPortUsageOfSpecificIpAlarm NOTIFICATION-TYPE
       OBJECTS { dsliteAFTRAlarmSpecificIPAddrType,
                 dsliteAFTRAlarmSpecificIP }
       STATUS current
       DESCRIPTION
          "This trap is triggered when the used NAT
          ports of map address reach the threshold.
          The threshold is specified by the
          dsliteAFTRAlarmPortNumber."
       ::= { dsliteNotifications 3 }

   --Module Conformance statement

   dsliteConformance OBJECT IDENTIFIER
       ::= { dsliteMIB 2 }

   dsliteCompliances OBJECT IDENTIFIER ::= { dsliteConformance 1 }

   dsliteGroups OBJECT IDENTIFIER ::= { dsliteConformance 2 }

   -- compliance statements

   dsliteCompliance MODULE-COMPLIANCE
       STATUS current
       DESCRIPTION
          "Describes the minimal requirements for conformance
          to the DSLite-MIB."
       MODULE -- this module
       MANDATORY-GROUPS { dsliteNATBindGroup,
                          dsliteTunnelGroup,
                          dsliteStatisticsGroup,
                          dsliteNotificationsGroup,
                          dsliteAFTRAlarmScalarGroup }
       ::= { dsliteCompliances 1 }

   dsliteNATBindGroup OBJECT-GROUP
       OBJECTS {
                 dsliteNATBindMappingIntRealm,
                 dsliteNATBindMappingIntAddressType,
                 dsliteNATBindMappingIntAddress,
                 dsliteNATBindMappingIntPort,
                 dsliteNATBindMappingPool,
                 dsliteNATBindMappingMapBehavior,
                 dsliteNATBindMappingFilterBehavior,
                 dsliteNATBindMappingAddressPooling }
       STATUS current
       DESCRIPTION
          "A collection of objects to support basic
          management of NAT binds in the NAT of the AFTR."
       ::= { dsliteGroups 1 }

   dsliteTunnelGroup OBJECT-GROUP
       OBJECTS { dsliteTunnelStartAddPreLen }
       STATUS current
       DESCRIPTION
          "A collection of objects to support management
          of ds-lite tunnels."
       ::= { dsliteGroups 2 }

   dsliteStatisticsGroup OBJECT-GROUP
       OBJECTS { dsliteStatisticsDiscards,
                 dsliteStatisticsSends,
                 dsliteStatisticsReceives,
                 dsliteStatisticsIpv4Session,
                 dsliteStatisticsIpv6Session }
       STATUS current
       DESCRIPTION
          "A collection of objects to support management
          of statistical information for AFTR devices."
       ::= { dsliteGroups 3 }

   dsliteNotificationsGroup NOTIFICATION-GROUP
       NOTIFICATIONS { dsliteTunnelNumAlarm,
                       dsliteAFTRUserSessionNumAlarm,
                       dsliteAFTRPortUsageOfSpecificIpAlarm }
       STATUS current
       DESCRIPTION
          "A collection of objects to support management
          of trap information for AFTR devices."
       ::= { dsliteGroups 4 }

   dsliteAFTRAlarmScalarGroup OBJECT-GROUP
       OBJECTS { dsliteAFTRAlarmB4AddrType,
                 dsliteAFTRAlarmB4Addr,
                 dsliteAFTRAlarmProtocolType,
                 dsliteAFTRAlarmSpecificIPAddrType,
                 dsliteAFTRAlarmSpecificIP,
                 dsliteAFTRAlarmConnectNumber,
                 dsliteAFTRAlarmSessionNumber,
                 dsliteAFTRAlarmPortNumber }
       STATUS current
       DESCRIPTION
          "A collection of objects to support management of
          the information about AFTR alarming Scalar."
       ::= { dsliteGroups 5 }

   END

9.  Security Considerations

   There are three objects defined in this MIB module with a MAX-ACCESS
   clause of read-write.  Such objects may be considered sensitive or
   vulnerable in some network environments.  The support for SET
   operations in a non-secure environment without proper protection
   opens devices to attack.  These are the tables and objects and their
   sensitivity/vulnerability:

   Notification thresholds: An attacker setting an arbitrarily low
   threshold can cause many useless notifications to be generated.
   Setting an arbitrarily high threshold can effectively disable
   notifications, which could be used to hide another attack.

      dsliteAFTRAlarmConnectNumber

      dsliteAFTRAlarmSessionNumber

      dsliteAFTRAlarmPortNumber

   Some of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  It is thus important to
   control even GET and/or NOTIFY access to these objects and possibly
   to even encrypt the values of these objects when sending them over
   the network via SNMP.  These are the tables and objects and their
   sensitivity/vulnerability:

   Objects that reveal host identities: Various objects can reveal the
   identity of private hosts that are engaged in a session with external
   end nodes.
   A curious outsider could monitor these to assess the
   number of private hosts being supported by the AFTR device.  Further,
   a disgruntled former employee of an enterprise could use the
   information to break into specific private hosts by intercepting the
   existing sessions or originating new sessions into the host.  If
   nothing else, unauthorized monitoring of these objects will violate
   individual subscribers' privacy.

      entries in dsliteTunnelTable

      entries in dsliteNATBindTable

   Unauthorized read access to the dsliteTunnelTable would reveal
   information about the tunnel topology.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

10.  IANA Considerations

   The MIB module in this document uses the following IANA-assigned
   OBJECT IDENTIFIER value recorded in the SMI Numbers registry, and the
   following IANA-assigned tunnelType value recorded in the
   IANAtunnelType-MIB registry:

   Descriptor        OBJECT IDENTIFIER value
   ----------        -----------------------
   DSLite-MIB        { mib-2 XXX }

   IANAtunnelType ::= TEXTUAL-CONVENTION

      SYNTAX     INTEGER {

                 dsLite ("XX")        -- dslite tunnel

                 }

11.  Acknowledgements

   The authors would like to thank Suresh Krishnan, Ian Farrer, Yiu
   Lee, Qi Sun, Yong Cui, David Harrington, Dave Thaler, Tassos
   Chatzithomaoglou, Tom Taylor, Hui Deng, Carlos Pignataro, Matt
   Miller, Terry Manderson and other members of the SOFTWIRE WG for
   their valuable comments.

   This document was produced using the xml2rfc tool [RFC2629].

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC2863]  McCloghrie, K. and F. Kastenholz, "The Interfaces Group
              MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              DOI 10.17487/RFC3411, December 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005.

   [RFC4087]  Thaler, D., "IP Tunnel MIB", RFC 4087,
              DOI 10.17487/RFC4087, June 2005.

   [RFC4787]  Audet, F., Ed. and C. Jennings, "Network Address
              Translation (NAT) Behavioral Requirements for Unicast
              UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
              2007.

   [RFC6333]  Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
              Stack Lite Broadband Deployments Following IPv4
              Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011.

   [RFC7659]  Perreault, S., Tsou, T., Sivakumar, S., and T. Taylor,
              "Definitions of Managed Objects for Network Address
              Translators (NATs)", RFC 7659, DOI 10.17487/RFC7659,
              October 2015.

12.2.  Informative References

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2629]  Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629,
              DOI 10.17487/RFC2629, June 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5591]  Harrington, D. and W.
              Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

Authors' Addresses

   Yu Fu
   CNNIC
   No.4 South 4th Street, Zhongguancun
   Hai-Dian District, Beijing, 100190
   P.R. China

   Email: fuyu@cnnic.cn

   Sheng Jiang
   Huawei Technologies Co., Ltd
   Q14, Huawei Campus, No.156 Beiqing Road
   Hai-Dian District, Beijing, 100095
   P.R. China

   Email: jiangsheng@huawei.com

   Jiang Dong
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R. China

   Email: knight.dongjiang@gmail.com

   Yuchi Chen
   Tsinghua University
   Department of Computer Science, Tsinghua University
   Beijing 100084
   P.R. China

   Email: flashfoxmx@gmail.com
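
Added example (not part of the draft or of any implementation of it): one way an operator could watch for the threshold tampering described in Section 9, by comparing polled values of the three read-write threshold objects with an approved baseline. The baseline, the polled sample and the helper names are constructed for illustration; treating -1 as the default for all three objects is an assumption based on the DEFVAL clauses shown in the module.

```python
# Added example: audit the three read-write alarm thresholds of the DSLite-MIB.
# All values below are constructed sample data, not output from a real AFTR.
from dataclasses import dataclass
from typing import Optional

THRESHOLD_OBJECTS = (
    "dsliteAFTRAlarmConnectNumber",
    "dsliteAFTRAlarmSessionNumber",
    "dsliteAFTRAlarmPortNumber",
)
DEFVAL = -1  # DEFVAL { -1 } in the module; assumed here for all three objects

# Hypothetical operator-approved thresholds and one polled snapshot.
APPROVED = dict(zip(THRESHOLD_OBJECTS, (20000, 2000, 1500)))
POLLED_SAMPLE = dict(zip(THRESHOLD_OBJECTS, (20000, 2147483647, 1)))


@dataclass(frozen=True)
class Finding:
    obj: str
    kind: str              # "missing", "reset", "raised" or "lowered"
    approved: int
    polled: Optional[int]


def audit_thresholds(polled, approved):
    """Return a Finding for every threshold that differs from the baseline.

    polled / approved map object name -> integer value (Integer32 range).
    """
    findings = []
    for obj in THRESHOLD_OBJECTS:
        want = approved[obj]
        got = polled.get(obj)
        if got is None:
            kind = "missing"   # agent returned nothing for this object
        elif got == want:
            continue           # matches the approved value
        elif got == DEFVAL:
            kind = "reset"     # back at the module default
        elif got > want:
            kind = "raised"    # notification delayed or never sent
        else:
            kind = "lowered"   # many useless notifications
        findings.append(Finding(obj, kind, want, got))
    return findings


if __name__ == "__main__":
    for f in audit_thresholds(POLLED_SAMPLE, APPROVED):
        print(f"{f.obj}: {f.kind} (approved {f.approved}, polled {f.polled})")
```

A "raised" finding corresponds to the case Section 9 singles out as a way to hide another attack, so it is the one to escalate first.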