idnits 2.17.1 draft-ietf-softwire-map-mib-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (December 15, 2016) is 2682 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Obsolete informational reference (is this intentional?): RFC 2629 (Obsoleted by RFC 7749) Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Y. Fu 3 Internet-Draft CNNIC 4 Intended status: Standards Track S. Jiang 5 Expires: June 18, 2017 B. Liu 6 Huawei Technologies Co., Ltd 7 J. Dong 8 Y. Chen 9 Tsinghua University 10 December 15, 2016 12 Definitions of Managed Objects for MAP-E 13 draft-ietf-softwire-map-mib-07 15 Abstract 17 This memo defines a portion of the Management Information Base (MIB) 18 for using with network management protocols in the Internet 19 community. In particular, it defines managed objects for MAP 20 encapsulation (MAP-E) mode. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on June 18, 2017. 39 Copyright Notice 41 Copyright (c) 2016 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 2. The Internet-Standard Management Framework . . . . . . . . . 2 58 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 59 4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 60 4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 61 4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 62 4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 63 4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 3 64 5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 65 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 66 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 67 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 68 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 9.1. Normative References . . . . . . . . . . . . . . . . . . 12 70 9.2. Informative References . . . . . . . . . . . . . . . . . 13 71 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 73 1. Introduction 75 MAP [RFC7597] is a stateless mechanism for running IPv4 over 76 IPv6-only infrastructure. In particular, it includes two mode, 77 translation mode or encapsulation mode. For the encapsulation mode, 78 it provides an automatic tunnelling mechanism for providing IPv4 79 connectivity service to end users over a service provider's IPv6 80 network 82 This document defines a portion of the Management Information Base 83 (MIB) for use with network management protocols in the Internet 84 community. This MIB module would be used for monitoring the devices 85 in the MAP scenario, especially, for the encapsulation mode. 87 2. The Internet-Standard Management Framework 89 For a detailed overview of the documents that describe the current 90 Internet-Standard Management Framework, please refer to section 7 of 91 [RFC3410]. 93 Managed objects are accessed via a virtual information store, termed 94 the Management Information Base or MIB. MIB objects are generally 95 accessed through the Simple Network Management Protocol (SNMP). 96 Objects in the MIB are defined using the mechanisms defined in the 97 Structure of Management Information (SMI). This memo specifies a MIB 98 module that is compliant to the SMIv2, which is described in 99 [RFC2578], [RFC2579] and [RFC2580]. 101 3. Terminology 103 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 104 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 105 "OPTIONAL" in this document are to be interpreted as described in 106 [RFC2119]. 108 4. Structure of the MIB Module 110 The MAP-E MIB provides a way to configure and monitor the MAP devices 111 in MAP encapsulation mode through SNMP. 113 MAP-E MIB is configurable on a per-interface basis. It depends on 114 several parts of the IF-MIB[RFC2863]. 116 4.1. The mapMIBObjects 118 4.1.1. The mapRule Subtree 120 The mapRule subtree describes managed objects used for managing the 121 multiple mapping rules in the MAP encapsulation mode. 123 According to the MAP specification[RFC7597], the mapping rules are 124 divided into two categories, which are Basic Mapping Rule (BMR), and 125 Forwarding Mapping Rule (FMR). 127 4.1.2. The mapSecurityCheck Subtree 129 The mapSecurityCheck subtree is to statistic the number of invalid 130 packets that have been identified. There are two kind of invalid 131 packets which are defined in the MAP specification [RFC7597]as below. 133 - The BR MUST perform a validation of the consistency of the source 134 IPv6 address and source port number for the packet using BMR. 136 - The Customer Edge (CE) SHOULD check that MAP received packets' 137 transport-layer destination port number is in the range configured by 138 MAP for the CE. 140 4.2. The mapMIBConformance Subtree 142 The mapMIBConformance subtree provides conformance information of MIB 143 objects. 145 5. Definitions 147 MAP-E-MIB DEFINITIONS ::= BEGIN 149 IMPORTS 150 MODULE-IDENTITY, OBJECT-TYPE, mib-2, 151 Integer32, Unsigned32, Counter64 152 FROM SNMPv2-SMI 153 ifIndex 154 FROM IF-MIB 155 InetAddressType, InetAddress, 156 InetAddressPrefixLength 157 FROM INET-ADDRESS-MIB 158 OBJECT-GROUP, MODULE-COMPLIANCE 159 FROM SNMPv2-CONF; 161 mapMIB MODULE-IDENTITY 162 LAST-UPDATED "201612150000Z" 163 ORGANIZATION 164 "IETF Softwire Working Group" 165 CONTACT-INFO 166 "Yu Fu 167 CNNIC 168 No.4 South 4th Street, Zhongguancun 169 Beijing, P.R. China 100190 170 EMail: fuyu@cnnic.cn 172 Sheng Jiang 173 Huawei Technologies Co., Ltd 174 Huawei Building, 156 Beiqing Rd., Hai-Dian District 175 Beijing, P.R. China 100095 176 EMail: jiangsheng@huawei.com 178 Bing Liu 179 Huawei Technologies Co., Ltd 180 Huawei Building, 156 Beiqing Rd., Hai-Dian District 181 Beijing, P.R. China 100095 182 EMail: leo.liubing@huawei.com 184 Jiang Dong 185 Tsinghua University 186 Department of Computer Science, Tsinghua University 187 Beijing 100084 188 P.R. China 189 Email: knight.dongjiang@gmail.com 191 Yuchi Chen 192 Tsinghua University 193 Department of Computer Science, Tsinghua University 194 Beijing 100084 195 P.R. China 196 Email: chenycmx@gmail.com" 198 DESCRIPTION 199 "The MIB module is defined for management of objects in the 200 MAP-E BRs or CEs." 201 REVISION "201612150000Z" 202 DESCRIPTION 203 "Initial version. Published as RFC xxxx." 204 --RFC Ed.: RFC-edtitor pls fill in xxxx 205 ::= { mib-2 xxx } 206 --xxx to be replaced withIANA-assigned value 208 mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} 210 mapRule OBJECT IDENTIFIER 211 ::= { mapMIBObjects 1 } 213 mapSecurityCheck OBJECT IDENTIFIER 214 ::= { mapMIBObjects 2 } 216 mapRuleTable OBJECT-TYPE 217 SYNTAX SEQUENCE OF MapRuleEntry 218 MAX-ACCESS not-accessible 219 STATUS current 220 DESCRIPTION 221 "The (conceptual) table containing rule Information of 222 specific mapping rule. It can also be used for row 223 creation." 224 ::= { mapRule 1 } 226 mapRuleEntry OBJECT-TYPE 227 SYNTAX MapRuleEntry 228 MAX-ACCESS not-accessible 229 STATUS current 230 DESCRIPTION 231 "Each entry in this table contains the information on a 232 particular mapping rule." 233 INDEX { mapRuleID } 234 ::= { mapRuleTable 1 } 236 MapRuleEntry ::= 237 SEQUENCE { 238 mapRuleID Integer32, 239 mapRuleIPv6PrefixType InetAddressType, 240 mapRuleIPv6Prefix InetAddress, 241 mapRuleIPv6PrefixLen InetAddressPrefixLength, 242 mapRuleIPv4PrefixType InetAddressType, 243 mapRuleIPv4Prefix InetAddress, 244 mapRuleIPv4PrefixLen InetAddressPrefixLength, 245 mapRuleBRIPv6Address InetAddress, 246 mapRulePSID Integer32, 247 mapRulePSIDLen Integer32, 248 mapRuleOffset Unsigned32, 249 mapRuleEALen Integer32, 250 mapRuleType Integer32 251 } 253 mapRuleID OBJECT-TYPE 254 SYNTAX Integer32 (1..2147483647) 255 MAX-ACCESS not-accessible 256 STATUS current 257 DESCRIPTION 258 "An identifier used to distinguish the multiple mapping 259 rule which is unique with each CE in the same BR." 260 ::= { mapRuleEntry 1 } 262 mapRuleIPv6PrefixType OBJECT-TYPE 263 SYNTAX InetAddressType 264 MAX-ACCESS read-only 265 STATUS current 266 DESCRIPTION 267 "This object MUST be set to the value of ipv6(2) to 268 present the IPv6 address.It describes the 269 address type of the mapRuleIPv6Prefix and 270 mapRuleBRIPv6Address." 271 REFERENCE 272 "ipv6(2): RFC 4001." 273 ::= { mapRuleEntry 2 } 275 mapRuleIPv6Prefix OBJECT-TYPE 276 SYNTAX InetAddress(SIZE (0..16)) 277 MAX-ACCESS read-only 278 STATUS current 279 DESCRIPTION 280 "The IPv6 prefix defined in mapping rule which will be 281 assigned to CE. The address type is given by 282 mapRuleIPv6PrefixType." 283 ::= { mapRuleEntry 3 } 285 mapRuleIPv6PrefixLen OBJECT-TYPE 286 SYNTAX InetAddressPrefixLength 287 MAX-ACCESS read-only 288 STATUS current 289 DESCRIPTION 290 "The length of the IPv6 prefix defined in the mapping rule. 291 As a parameter for mapping rule, it will be also assigned 292 to CE." 293 ::= { mapRuleEntry 4 } 295 mapRuleIPv4PrefixType OBJECT-TYPE 296 SYNTAX InetAddressType 297 MAX-ACCESS read-only 298 STATUS current 299 DESCRIPTION 300 "This object MUST be set to the value of ipv4(1) to 301 present the public IPv4 address. It describes the 302 address type of the mapRuleIPv4Prefix." 303 REFERENCE 304 "ipv4(1): RFC 4001." 305 ::= { mapRuleEntry 5 } 307 mapRuleIPv4Prefix OBJECT-TYPE 308 SYNTAX InetAddress(SIZE (0..4)) 309 MAX-ACCESS read-only 310 STATUS current 311 DESCRIPTION 312 " The IPv4 prefix defined in mapping rule which will be 313 assigned to CE. The address type is given by 314 mapRuleIPv4PrefixType." 315 ::= { mapRuleEntry 6 } 317 mapRuleIPv4PrefixLen OBJECT-TYPE 318 SYNTAX InetAddressPrefixLength 319 MAX-ACCESS read-only 320 STATUS current 321 DESCRIPTION 322 "The length of the IPv4 prefix defined in the mapping 323 rule. As a parameter for mapping rule, it will be also 324 assigned to CE." 325 ::= { mapRuleEntry 7 } 327 mapRuleBRIPv6Address OBJECT-TYPE 328 SYNTAX InetAddress(SIZE (0..16)) 329 MAX-ACCESS read-only 330 STATUS current 331 DESCRIPTION 332 "The IPv6 address of the BR which will be 333 conveyed to CE. The address type is given by 334 mapRuleIPv6PrefixType." 335 ::= { mapRuleEntry 8 } 337 mapRulePSID OBJECT-TYPE 338 SYNTAX Integer32 339 MAX-ACCESS read-only 340 STATUS current 341 DESCRIPTION 342 "The PSID value algorithmically identifies a set of 343 ports assigned to a CE." 344 REFERENCE 345 "PSID: section 3 of RFC 7597." 346 ::= { mapRuleEntry 9 } 348 mapRulePSIDLen OBJECT-TYPE 349 SYNTAX Integer32 350 MAX-ACCESS read-only 351 STATUS current 352 DESCRIPTION 353 "The bit length value of the number of significant bits in 354 the PSID field. When it is set to 0, the PSID 355 field is to be ignored." 356 ::= { mapRuleEntry 10 } 358 mapRuleOffset OBJECT-TYPE 359 SYNTAX Unsigned32(0..15) 360 MAX-ACCESS read-only 361 STATUS current 362 DESCRIPTION 363 "Bit length value of the number of significant bits in 364 the PSID field. When it is set to 0, the PSID 365 field is to be ignored." 366 ::= { mapRuleEntry 11 } 368 mapRuleEALen OBJECT-TYPE 369 SYNTAX Integer32 370 MAX-ACCESS read-only 371 STATUS current 372 DESCRIPTION 373 "The length of the Embedded-Address (EA) defined in 374 mapping rule which will be assigned to CE." 375 REFERENCE 376 "EA: section 3 of RFC 7597." 377 ::= { mapRuleEntry 12 } 379 mapRuleType OBJECT-TYPE 380 SYNTAX Integer32 381 MAX-ACCESS read-only 382 STATUS current 383 DESCRIPTION 384 "The type of the mapping rule. A value of 0 means it 385 is a BMR; a non-zero value means it is a FMR." 386 REFERENCE 387 "BMR, FMR: section 5 of RFC 7597." 388 ::= { mapRuleEntry 13 } 390 mapSecurityCheckTable OBJECT-TYPE 391 SYNTAX SEQUENCE OF MapSecurityCheckEntry 392 MAX-ACCESS not-accessible 393 STATUS current 394 DESCRIPTION 395 "The (conceptual) table containing information on 396 MAP security checks. This table can be used to statistic 397 the number of invalid packets that been identified" 398 ::= { mapSecurityCheck 1 } 400 mapSecurityCheckEntry OBJECT-TYPE 401 SYNTAX MapSecurityCheckEntry 402 MAX-ACCESS not-accessible 403 STATUS current 404 DESCRIPTION 405 "Each entry in this table contains the information on a 406 particular MAP SecurityCheck." 407 INDEX { ifIndex } 408 ::= { mapSecurityCheckTable 1 } 410 MapSecurityCheckEntry ::= 411 SEQUENCE { 412 mapSecurityCheckInvalidv4 Counter64, 413 mapSecurityCheckInvalidv6 Counter64 414 } 416 mapSecurityCheckInvalidv4 OBJECT-TYPE 417 SYNTAX Counter64 418 MAX-ACCESS accessible-for-notify 419 STATUS current 420 DESCRIPTION 421 "The CE SHOULD check that MAP received packets' 422 transport-layer destination port number is in the range 423 configured by MAP for the CE. So this object indicate 424 the number of the invalid IPv4 packets received by the 425 MAP." 426 ::= { mapSecurityCheckEntry 1 } 428 mapSecurityCheckInvalidv6 OBJECT-TYPE 429 SYNTAX Counter64 430 MAX-ACCESS accessible-for-notify 431 STATUS current 432 DESCRIPTION 433 "The BR MUST perform a validation of the consistency of 434 the source IPv6 address and source port number for the 435 packet using BMR. So this object indicate the number of 436 the invalid IPv6 packets received by the BR." 437 ::= { mapSecurityCheckEntry 2 } 439 -- Conformance Information 440 mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} 441 mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } 442 mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } 444 -- compliance statements 445 mapMIBCompliance MODULE-COMPLIANCE 446 STATUS current 447 DESCRIPTION 448 " Describes the minimal requirements for conformance 449 to the MAP-E MIB." 450 MODULE -- this module 451 MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup } 452 ::= { mapMIBCompliances 1 } 454 -- Units of Conformance 455 mapMIBRuleGroup OBJECT-GROUP 456 OBJECTS { 457 mapRuleIPv6PrefixType, 458 mapRuleIPv6Prefix, 459 mapRuleIPv6PrefixLen, 460 mapRuleIPv4PrefixType, 461 mapRuleIPv4Prefix, 462 mapRuleIPv4PrefixLen, 463 mapRuleBRIPv6Address, 464 mapRulePSID, 465 mapRulePSIDLen, 466 mapRuleOffset, 467 mapRuleEALen, 468 mapRuleType } 469 STATUS current 470 DESCRIPTION 471 " The collection of this objects are used to give the 472 information of mapping rules in MAP-E." 473 ::= { mapMIBGroups 1 } 475 mapMIBSecurityGroup OBJECT-GROUP 476 OBJECTS { 477 mapSecurityCheckInvalidv4, 478 mapSecurityCheckInvalidv6 } 479 STATUS current 480 DESCRIPTION 481 " The collection of this objects are used to give the 482 information on MAP security checks." 483 ::= { mapMIBGroups 2 } 485 END 487 6. IANA Considerations 489 The MIB module in this document uses the following IANA-assigned 490 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 492 Descriptor OBJECT IDENTIFIER value 493 ---------- ----------------------- 494 MAP-E-MIB { mib-2 XXX } 496 7. Security Considerations 498 There are no management objects defined in this MIB module that have 499 a MAX-ACCESS clause of read-write and/or read-create. So, if this 500 MIB module is implemented correctly, then there is no risk that an 501 intruder can alter or create any management objects of this MIB 502 module via direct SNMP SET operations. 504 Some of the readable objects in this MIB module (i.e., objects with a 505 MAX-ACCESS other than not-accessible) may be considered sensitive or 506 vulnerable in some network environments. It is thus important to 507 control even GET and/or NOTIFY access to these objects and possibly 508 to even encrypt the values of these objects when sending them over 509 the network via SNMP. These are the objects and their sensitivity/ 510 vulnerability: 512 mapRuleIPv6PrefixType 514 mapRuleIPv6Prefix 516 mapRuleIPv6PrefixLen 518 mapRuleIPv4PrefixType 520 mapRuleIPv4Prefix 522 mapRuleIPv4PrefixLen 524 mapRuleBRIPv6Address 526 mapRulePSID 527 mapRulePSIDLen 529 mapRuleOffset 531 mapRuleEALen 533 mapRuleType 535 SNMP versions prior to SNMPv3 did not include adequate security. 536 Even if the network itself is secure (for example by using IPSec), 537 even then, there is no control as to who on the secure network is 538 allowed to access and GET/SET (read/change/create/delete) the objects 539 in this MIB module. 541 Implementations SHOULD provide the security features described by the 542 SNMPv3 framework (see [RFC3410]), and implementations claiming 543 compliance to the SNMPv3 standard MUST include full support for 544 authentication and privacy via the User-based Security Model (USM) 545 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations 546 MAY also provide support for the Transport Security Model (TSM) 547 [RFC5591] in combination with a secure transport such as SSH 548 [RFC5592] or TLS/DTLS [RFC6353]. 550 Further, deployment of SNMP versions prior to SNMPv3 is NOT 551 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 552 enable cryptographic security. It is then a customer/operator 553 responsibility to ensure that the SNMP entity giving access to an 554 instance of this MIB module is properly configured to give access to 555 the objects only to those principals (users) that have legitimate 556 rights to indeed GET or SET (change/create/delete) them. 558 8. Acknowledgements 560 The authors would like to thank for valuable comments from David 561 Harrington, Mark Townsley, Shishio Tsuchiya, Yong Cui and Suresh 562 Krishnan. 564 This document was produced using the xml2rfc tool [RFC2629]. 566 9. References 568 9.1. Normative References 570 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 571 Requirement Levels", BCP 14, RFC 2119, 572 DOI 10.17487/RFC2119, March 1997, 573 . 575 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 576 Schoenwaelder, Ed., "Structure of Management Information 577 Version 2 (SMIv2)", STD 58, RFC 2578, 578 DOI 10.17487/RFC2578, April 1999, 579 . 581 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 582 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 583 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 584 . 586 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 587 MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, 588 . 590 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., 591 Murakami, T., and T. Taylor, Ed., "Mapping of Address and 592 Port with Encapsulation (MAP-E)", RFC 7597, 593 DOI 10.17487/RFC7597, July 2015, 594 . 596 9.2. Informative References 598 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 599 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 600 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 601 . 603 [RFC2629] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 604 DOI 10.17487/RFC2629, June 1999, 605 . 607 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 608 "Introduction and Applicability Statements for Internet- 609 Standard Management Framework", RFC 3410, 610 DOI 10.17487/RFC3410, December 2002, 611 . 613 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 614 (USM) for version 3 of the Simple Network Management 615 Protocol (SNMPv3)", STD 62, RFC 3414, 616 DOI 10.17487/RFC3414, December 2002, 617 . 619 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The 620 Advanced Encryption Standard (AES) Cipher Algorithm in the 621 SNMP User-based Security Model", RFC 3826, 622 DOI 10.17487/RFC3826, June 2004, 623 . 625 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 626 for the Simple Network Management Protocol (SNMP)", 627 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 628 . 630 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 631 Shell Transport Model for the Simple Network Management 632 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 633 2009, . 635 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 636 Model for the Simple Network Management Protocol (SNMP)", 637 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 638 . 640 Authors' Addresses 642 Yu Fu 643 CNNIC 644 No.4 South 4th Street, Zhongguancun 645 Beijing 100190 646 P.R. China 648 Email: fuyu@cnnic.cn 650 Sheng Jiang 651 Huawei Technologies Co., Ltd 652 Q14, Huawei Campus, No.156 Beiqing Road 653 Hai-Dian District, Beijing, 100095 654 P.R. China 656 Email: jiangsheng@huawei.com 658 Bing Liu 659 Huawei Technologies Co., Ltd 660 Q14, Huawei Campus, No.156 Beiqing Road 661 Hai-Dian District, Beijing, 100095 662 P.R. China 664 Email: leo.liubing@huawei.com 665 Jiang Dong 666 Tsinghua University 667 Department of Computer Science, Tsinghua University 668 Beijing 100084 669 P.R. China 671 Email: knight.dongjiang@gmail.com 673 Yuchi Chen 674 Tsinghua University 675 Department of Computer Science, Tsinghua University 676 Beijing 100084 677 P.R. China 679 Email: flashfoxmx@gmail.com