idnits 2.17.1 draft-ietf-softwire-map-mib-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (November 15, 2017) is 2353 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC7598' is defined on line 627, but no explicit reference was found in the text Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Y. Fu 3 Internet-Draft CNNIC 4 Intended status: Standards Track S. Jiang 5 Expires: May 19, 2018 B. Liu 6 Huawei Technologies Co., Ltd 7 J. Dong 8 Y. Chen 9 Tsinghua University 10 November 15, 2017 12 Definitions of Managed Objects for MAP-E 13 draft-ietf-softwire-map-mib-12 15 Abstract 17 This memo defines a portion of the Management Information Base (MIB) 18 for Mapping Address and Port with encapsulation (MAP-E) for use with 19 network management protocols. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on May 19, 2018. 38 Copyright Notice 40 Copyright (c) 2017 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. The Internet-Standard Management Framework . . . . . . . . . 2 57 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 59 4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 60 4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 61 4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 62 4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 3 63 5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 65 7. Security Considerations . . . . . . . . . . . . . . . . . . . 11 66 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 67 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 68 9.1. Normative References . . . . . . . . . . . . . . . . . . 13 69 9.2. Informative References . . . . . . . . . . . . . . . . . 14 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 72 1. Introduction 74 Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a 75 stateless, automatic tunnelling mechanism for providing an IPv4 76 connectivity service to end-users over a service provider's IPv6 77 network. 79 This document defines a portion of the Management Information Base 80 (MIB) for use with monitoring MAP-E devices. 82 2. The Internet-Standard Management Framework 84 For a detailed overview of the documents that describe the current 85 Internet-Standard Management Framework, please refer to section 7 of 86 [RFC3410]. 88 Managed objects are accessed via a virtual information store, termed 89 the Management Information Base or MIB. MIB objects are generally 90 accessed through the Simple Network Management Protocol (SNMP). 91 Objects in the MIB are defined using the mechanisms defined in the 92 Structure of Management Information (SMI). This memo specifies a MIB 93 module that is compliant to the SMIv2, which is described in 94 [RFC2578], [RFC2579] and [RFC2580]. 96 3. Terminology 98 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 99 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 100 "OPTIONAL" in this document are to be interpreted as described in 101 [RFC2119]. 103 4. Structure of the MIB Module 105 The Interfaces MIB [RFC2863] defines generic managed objects for 106 managing interfaces. Each logical interface (physical or virtual) 107 has an ifEntry. Tunnels are handled by creating a logical interface 108 (ifEntry) for each tunnel. Each MAP-E tunnel endpoint also acts as a 109 virtual interface that has a corresponding entry in the Interface 110 MIB. Those corresponding entries are indexed by ifIndex. MAP-E MIB 111 is configurable on a per-interface basis, so it depends on several 112 parts of the IF-MIB[RFC2863]. 114 4.1. The mapMIBObjects 116 4.1.1. The mapRule Subtree 118 The mapRule subtree describes managed objects used for managing the 119 multiple mapping rules in MAP-E. 121 According to the [RFC7597], the mapping rules are divided into two 122 categories, which are Basic Mapping Rule (BMR), and Forwarding 123 Mapping Rule (FMR). 125 4.1.2. The mapSecurityCheck Subtree 127 The mapSecurityCheck subtree provides statistics for the number of 128 invalid packets that have been identified. There are two kind of 129 invalid packets which are defined in the [RFC7597] as below. 131 - The Border Relay (BR) will validates the received packet's source 132 IPv6 address against the configured MAP domain rule and the 133 destination IPv6 address against the configured BR IPv6 address. 135 - The MAP node (CE and BR) will check that the received packets' 136 source IPv4 address and port is in the range derived from the 137 matching MAP Rule. 139 4.2. The mapMIBConformance Subtree 141 The mapMIBConformance subtree provides conformance information of MIB 142 objects. 144 5. Definitions 146 The following MIB module imports definitions from [RFC2578], 147 [RFC2579], [RFC2580], [RFC2863], and [RFC4001]. 149 MAP-E-MIB DEFINITIONS ::= BEGIN 151 IMPORTS 152 MODULE-IDENTITY, OBJECT-TYPE, mib-2, 153 Unsigned32, Counter64 154 FROM SNMPv2-SMI --RFC2578 155 TEXTUAL-CONVENTION 156 FROM SNMPv2-TC --RFC2579 157 ifIndex 158 FROM IF-MIB --RFC2863 159 InetAddressIPv6, InetAddressIPv4, 160 InetAddressPrefixLength 161 FROM INET-ADDRESS-MIB --RFC4001 162 OBJECT-GROUP, MODULE-COMPLIANCE 163 FROM SNMPv2-CONF; --RFC2580 165 mapMIB MODULE-IDENTITY 166 LAST-UPDATED "201711150000Z" 167 ORGANIZATION 168 "IETF Softwire Working Group" 169 CONTACT-INFO 170 "Yu Fu 171 CNNIC 172 No.4 South 4th Street, Zhongguancun 173 Beijing, P.R. China 100190 174 EMail: fuyu@cnnic.cn 176 Sheng Jiang 177 Huawei Technologies Co., Ltd 178 Huawei Building, 156 Beiqing Rd., Hai-Dian District 179 Beijing, P.R. China 100095 180 EMail: jiangsheng@huawei.com 182 Bing Liu 183 Huawei Technologies Co., Ltd 184 Huawei Building, 156 Beiqing Rd., Hai-Dian District 185 Beijing, P.R. China 100095 186 EMail: leo.liubing@huawei.com 188 Jiang Dong 189 Tsinghua University 190 Department of Computer Science, Tsinghua University 191 Beijing 100084 192 P.R. China 193 Email: knight.dongjiang@gmail.com 195 Yuchi Chen 196 Tsinghua University 197 Department of Computer Science, Tsinghua University 198 Beijing 100084 199 P.R. China 200 Email: chenycmx@gmail.com" 202 DESCRIPTION 203 "The MIB module is defined for management of objects for 204 MAP-E BRs or CEs." 205 REVISION "201711150000Z" 206 DESCRIPTION 207 "Initial version. Published as RFC xxxx." 208 --RFC Ed.: RFC-edtitor pls fill in xxxx 209 ::= { mib-2 xxx } 210 --xxx to be replaced withIANA-assigned value 212 mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} 214 mapRule OBJECT IDENTIFIER 215 ::= { mapMIBObjects 1 } 217 mapSecurityCheck OBJECT IDENTIFIER 218 ::= { mapMIBObjects 2 } 220 -- ============================================================== 221 -- Textual Conventions used in this MIB module 222 -- ============================================================== 224 RulePSID ::= TEXTUAL-CONVENTION 225 DISPLAY-HINT "0x:" 226 STATUS current 227 DESCRIPTION 228 "Indicates that the PSID is represented as hexidecimal for 229 clarity." 230 SYNTAX OCTET STRING (SIZE (2)) 232 RuleType ::= TEXTUAL-CONVENTION 233 STATUS current 234 DESCRIPTION 235 "Enumerates the type of the mapping rule. It 236 defines three types of mapping rules here: 237 bmr: Basic Mapping Rule (Not Forwarding Mapping Rule), 238 fmr: Forwarding Mapping Rule (Not Basic Mapping Rule), 239 bmrAndfmr: Basic and Forwarding Mapping Rule. The Basic 240 Mapping Rule may also be a Forwarding Mapping Rule for 241 mesh mode." 242 REFERENCE "bmr, fmr: section 5 of RFC 7597. 243 bmrAndfmr: section 5 of RFC 7597, section 4.1 244 of RFC 7598." 245 SYNTAX INTEGER { 246 bmr(1), 247 fmr(2), 248 bmrAndfmr(3) 249 } 251 mapRuleTable OBJECT-TYPE 252 SYNTAX SEQUENCE OF MapRuleEntry 253 MAX-ACCESS not-accessible 254 STATUS current 255 DESCRIPTION 256 "The (conceptual) table containing rule information for 257 a specific mapping rule. It can also be used for row 258 creation." 259 ::= { mapRule 1 } 261 mapRuleEntry OBJECT-TYPE 262 SYNTAX MapRuleEntry 263 MAX-ACCESS not-accessible 264 STATUS current 265 DESCRIPTION 266 "Each entry in this table contains the information on a 267 particular mapping rule." 268 INDEX { ifIndex, 269 mapRuleID } 270 ::= { mapRuleTable 1 } 272 MapRuleEntry ::= 273 SEQUENCE { 274 mapRuleID Unsigned32, 275 mapRuleIPv6Prefix InetAddressIPv6, 276 mapRuleIPv6PrefixLen InetAddressPrefixLength, 277 mapRuleIPv4Prefix InetAddressIPv4, 278 mapRuleIPv4PrefixLen InetAddressPrefixLength, 279 mapRuleBRIPv6Address InetAddressIPv6, 280 mapRulePSID RulePSID, 281 mapRulePSIDLen Unsigned32, 282 mapRuleOffset Unsigned32, 283 mapRuleEALen Unsigned32, 284 mapRuleType RuleType 285 } 286 mapRuleID OBJECT-TYPE 287 SYNTAX Unsigned32 (1..4294967295) 288 MAX-ACCESS not-accessible 289 STATUS current 290 DESCRIPTION 291 "A unique identifier used to distinguish mapping 292 rules." 293 ::= { mapRuleEntry 1 } 295 -- The object mapRuleIPv6Prefix is IPv6 specific and hence it does 296 -- not use the version agnostic InetAddress. 298 mapRuleIPv6Prefix OBJECT-TYPE 299 SYNTAX InetAddressIPv6 300 MAX-ACCESS read-only 301 STATUS current 302 DESCRIPTION 303 "The IPv6 prefix defined in the mapping rule which will be 304 assigned to CE." 305 ::= { mapRuleEntry 2 } 307 mapRuleIPv6PrefixLen OBJECT-TYPE 308 SYNTAX InetAddressPrefixLength 309 MAX-ACCESS read-only 310 STATUS current 311 DESCRIPTION 312 "The length of the IPv6 prefix defined in the mapping rule 313 which will be assigned to CE." 314 ::= { mapRuleEntry 3 } 316 -- The object mapRuleIPv4Prefix is IPv4 specific and hence it does 317 -- not use the version agnostic InetAddress. 319 mapRuleIPv4Prefix OBJECT-TYPE 320 SYNTAX InetAddressIPv4 321 MAX-ACCESS read-only 322 STATUS current 323 DESCRIPTION 324 " The IPv4 prefix defined in the mapping rule which will be 325 assigned to CE." 326 ::= { mapRuleEntry 4 } 328 mapRuleIPv4PrefixLen OBJECT-TYPE 329 SYNTAX InetAddressPrefixLength 330 MAX-ACCESS read-only 331 STATUS current 332 DESCRIPTION 333 "The length of the IPv4 prefix defined in the mapping 334 rule which will be assigned to CE." 335 ::= { mapRuleEntry 5 } 337 -- The object mapRuleBRIPv6Address is IPv6 specific and hence it does 338 -- not use the version agnostic InetAddress. 340 mapRuleBRIPv6Address OBJECT-TYPE 341 SYNTAX InetAddressIPv6 342 MAX-ACCESS read-only 343 STATUS current 344 DESCRIPTION 345 "The IPv6 address of the BR which will be conveyed to CE. 346 If the BR IPv6 address is anycast, the relay must use 347 this anycast IPv6 address as the source address in 348 packets relayed to CEs." 349 ::= { mapRuleEntry 6 } 351 mapRulePSID OBJECT-TYPE 352 SYNTAX RulePSID 353 MAX-ACCESS read-only 354 STATUS current 355 DESCRIPTION 356 "The PSID value algorithmically identifies a set of 357 ports assigned to a CE." 358 REFERENCE 359 "PSID: section 5.1 of RFC 7597." 360 ::= { mapRuleEntry 7 } 362 mapRulePSIDLen OBJECT-TYPE 363 SYNTAX Unsigned32(0..16) 364 MAX-ACCESS read-only 365 STATUS current 366 DESCRIPTION 367 "The bit length value of the number of significant bits in 368 the PSID field. When it is set to 0, the PSID 369 field is to be ignored." 370 ::= { mapRuleEntry 8 } 372 mapRuleOffset OBJECT-TYPE 373 SYNTAX Unsigned32(0..15) 374 MAX-ACCESS read-only 375 STATUS current 376 DESCRIPTION 377 "The number of the mapRuleOffset is 6 by default as to 378 exclude the System ports (0-1023). It is provided via 379 the Rule Port Mapping Parameters in the Basic Mapping 380 Rule." 381 DEFVAL {6} 382 ::= { mapRuleEntry 9 } 384 mapRuleEALen OBJECT-TYPE 385 SYNTAX Unsigned32(0..48) 386 MAX-ACCESS read-only 387 STATUS current 388 DESCRIPTION 389 "The length of the Embedded-Address (EA) defined in 390 mapping rule which will be assigned to CE." 391 REFERENCE 392 "EA: section 3 of RFC 7597." 393 ::= { mapRuleEntry 10 } 395 mapRuleType OBJECT-TYPE 396 SYNTAX RuleType 397 MAX-ACCESS read-only 398 STATUS current 399 DESCRIPTION 400 "Indicates the type of mapping rule. 401 '1' represents a BMR. 402 '2' represents a FMR and '3' is for a BMR which 403 is also an FMR for mesh mode." 404 REFERENCE 405 "bmr, fmr: section 5 of RFC 7597. 406 bmrAndfmr: section 5 of RFC 7597, section 4.1 of 407 RFC 7598." 408 ::= { mapRuleEntry 11 } 410 mapSecurityCheckTable OBJECT-TYPE 411 SYNTAX SEQUENCE OF MapSecurityCheckEntry 412 MAX-ACCESS not-accessible 413 STATUS current 414 DESCRIPTION 415 "The (conceptual) table containing information on 416 MAP security checks. This table can be used for 417 statistics on the number of invalid packets that 418 have been identified." 419 ::= { mapSecurityCheck 1 } 421 mapSecurityCheckEntry OBJECT-TYPE 422 SYNTAX MapSecurityCheckEntry 423 MAX-ACCESS not-accessible 424 STATUS current 425 DESCRIPTION 426 "Each entry in this table contains information on a 427 particular MAP SecurityCheck." 428 INDEX { ifIndex } 429 ::= { mapSecurityCheckTable 1 } 431 MapSecurityCheckEntry ::= 432 SEQUENCE { 433 mapSecurityCheckInvalidv4 Counter64, 434 mapSecurityCheckInvalidv6 Counter64 435 } 437 mapSecurityCheckInvalidv4 OBJECT-TYPE 438 SYNTAX Counter64 439 MAX-ACCESS read-only 440 STATUS current 441 DESCRIPTION 442 "Indicates the number of received IPv4 packets 443 which do not have a payload source IPv4 address or 444 port within the range defined in the matching MAP 445 rule." 446 ::= { mapSecurityCheckEntry 1 } 448 mapSecurityCheckInvalidv6 OBJECT-TYPE 449 SYNTAX Counter64 450 MAX-ACCESS read-only 451 STATUS current 452 DESCRIPTION 453 "Indicates the number of received IPv6 packets which 454 do not have a source or destination IPv6 address 455 matching a Basic Mapping Rule." 456 ::= { mapSecurityCheckEntry 2 } 458 -- Conformance Information 459 mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} 460 mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } 461 mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } 463 -- compliance statements 464 mapMIBCompliance MODULE-COMPLIANCE 465 STATUS current 466 DESCRIPTION 467 "Describes the minimal requirements for conformance 468 to the MAP-E MIB." 469 MODULE -- this module 470 MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup } 471 ::= { mapMIBCompliances 1 } 473 -- Units of Conformance 474 mapMIBRuleGroup OBJECT-GROUP 475 OBJECTS { 476 mapRuleIPv6Prefix, 477 mapRuleIPv6PrefixLen, 478 mapRuleIPv4Prefix, 479 mapRuleIPv4PrefixLen, 480 mapRuleBRIPv6Address, 481 mapRulePSID, 482 mapRulePSIDLen, 483 mapRuleOffset, 484 mapRuleEALen, 485 mapRuleType } 486 STATUS current 487 DESCRIPTION 488 "The group of objects used to describe the MAP-E mapping 489 rule." 490 ::= { mapMIBGroups 1 } 492 mapMIBSecurityGroup OBJECT-GROUP 493 OBJECTS { 494 mapSecurityCheckInvalidv4, 495 mapSecurityCheckInvalidv6 } 496 STATUS current 497 DESCRIPTION 498 "The group of objects used to provide information on the 499 MAP-E security checks." 500 ::= { mapMIBGroups 2 } 502 END 504 6. IANA Considerations 506 The MIB module in this document uses the following IANA-assigned 507 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 509 Descriptor OBJECT IDENTIFIER value 510 ---------- ----------------------- 511 MAP-E-MIB { mib-2 XXX } 513 7. Security Considerations 515 There are no management objects defined in this MIB module that have 516 a MAX-ACCESS clause of read-write and/or read-create. So, if this 517 MIB module is implemented correctly, then there is no risk that an 518 intruder can alter or create any management objects of this MIB 519 module via direct SNMP SET operations. 521 Some of the readable objects in this MIB module (i.e., objects with a 522 MAX-ACCESS other than not-accessible) may be considered sensitive or 523 vulnerable in some network environments. It is thus important to 524 control even GET and/or NOTIFY access to these objects and possibly 525 to even encrypt the values of these objects when sending them over 526 the network via SNMP. 528 Some of the MIB model's objects are vulnerable as the information 529 which they hold may be used for targeting an attack against a MAP 530 node (CE or BR). E.g., an intruder could use the information to help 531 deduce the customer IPv4 and IPv6 topologies and address-sharing 532 ratios in use by the ISP. 534 The following is a list of the objects that have this vulnerability: 536 mapRuleIPv6Prefix 538 mapRuleIPv6PrefixLen 540 mapRuleIPv4Prefix 542 mapRuleIPv4PrefixLen 544 mapRuleBRIPv6Address 546 mapRulePSID 548 mapRulePSIDLen 550 mapRuleOffset 552 mapRuleEALen 554 mapRuleType 556 SNMP versions prior to SNMPv3 did not include adequate security. 557 Even if the network itself is secure (for example by using IPSec), 558 there is no control as to who on the secure network is allowed to 559 access and GET/SET (read/change/create/delete) the objects in this 560 MIB module. 562 Implementations SHOULD provide the security features described by the 563 SNMPv3 framework (see [RFC3410]), and implementations claiming 564 compliance to the SNMPv3 standard MUST include full support for 565 authentication and privacy via the User-based Security Model (USM) 566 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations 567 MAY also provide support for the Transport Security Model (TSM) 568 [RFC5591] in combination with a secure transport such as SSH 569 [RFC5592] or TLS/DTLS [RFC6353]. 571 Further, deployment of SNMP versions prior to SNMPv3 is NOT 572 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 573 enable cryptographic security. It is then a customer/operator 574 responsibility to ensure that the SNMP entity giving access to an 575 instance of this MIB module is properly configured to give access to 576 the objects only to those principals (users) that have legitimate 577 rights to indeed GET or SET (change/create/delete) them. 579 8. Acknowledgements 581 The authors would like to thank for valuable comments from David 582 Harrington, Mark Townsley, Shishio Tsuchiya, Yong Cui, Suresh 583 Krishnan, Bert Wijnen, Ian Farrer and Juergen Schoenwaelder. 585 This document was produced using the xml2rfc tool [RFC7991]. 587 9. References 589 9.1. Normative References 591 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 592 Requirement Levels", BCP 14, RFC 2119, 593 DOI 10.17487/RFC2119, March 1997, 594 . 596 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 597 Schoenwaelder, Ed., "Structure of Management Information 598 Version 2 (SMIv2)", STD 58, RFC 2578, 599 DOI 10.17487/RFC2578, April 1999, 600 . 602 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 603 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 604 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 605 . 607 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 608 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 609 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 610 . 612 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 613 MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, 614 . 616 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 617 Schoenwaelder, "Textual Conventions for Internet Network 618 Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, 619 . 621 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., 622 Murakami, T., and T. Taylor, Ed., "Mapping of Address and 623 Port with Encapsulation (MAP-E)", RFC 7597, 624 DOI 10.17487/RFC7597, July 2015, 625 . 627 [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, 628 W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for 629 Configuration of Softwire Address and Port-Mapped 630 Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, 631 . 633 9.2. Informative References 635 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 636 "Introduction and Applicability Statements for Internet- 637 Standard Management Framework", RFC 3410, 638 DOI 10.17487/RFC3410, December 2002, 639 . 641 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 642 (USM) for version 3 of the Simple Network Management 643 Protocol (SNMPv3)", STD 62, RFC 3414, 644 DOI 10.17487/RFC3414, December 2002, 645 . 647 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The 648 Advanced Encryption Standard (AES) Cipher Algorithm in the 649 SNMP User-based Security Model", RFC 3826, 650 DOI 10.17487/RFC3826, June 2004, 651 . 653 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 654 for the Simple Network Management Protocol (SNMP)", 655 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 656 . 658 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 659 Shell Transport Model for the Simple Network Management 660 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 661 2009, . 663 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 664 Model for the Simple Network Management Protocol (SNMP)", 665 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 666 . 668 [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", 669 RFC 7991, DOI 10.17487/RFC7991, December 2016, 670 . 672 Authors' Addresses 674 Yu Fu 675 CNNIC 676 No.4 South 4th Street, Zhongguancun 677 Beijing 100190 678 P.R. China 680 Email: fuyu@cnnic.cn 682 Sheng Jiang 683 Huawei Technologies Co., Ltd 684 Q14, Huawei Campus, No.156 Beiqing Road 685 Hai-Dian District, Beijing, 100095 686 P.R. China 688 Email: jiangsheng@huawei.com 690 Bing Liu 691 Huawei Technologies Co., Ltd 692 Q14, Huawei Campus, No.156 Beiqing Road 693 Hai-Dian District, Beijing, 100095 694 P.R. China 696 Email: leo.liubing@huawei.com 698 Jiang Dong 699 Tsinghua University 700 Department of Computer Science, Tsinghua University 701 Beijing 100084 702 P.R. China 704 Email: knight.dongjiang@gmail.com 705 Yuchi Chen 706 Tsinghua University 707 Department of Computer Science, Tsinghua University 708 Beijing 100084 709 P.R. China 711 Email: flashfoxmx@gmail.com