idnits 2.17.1 draft-ietf-softwire-map-mib-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 29, 2018) is 2131 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force Y. Fu 3 Internet-Draft CNNIC 4 Intended status: Standards Track S. Jiang 5 Expires: November 30, 2018 B. Liu 6 Huawei Technologies Co., Ltd 7 J. Dong 8 Y. Chen 9 Tsinghua University 10 May 29, 2018 12 Definitions of Managed Objects for MAP-E 13 draft-ietf-softwire-map-mib-13 15 Abstract 17 This memo defines a portion of the Management Information Base (MIB) 18 for Mapping Address and Port with encapsulation (MAP-E) for use with 19 network management protocols. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on November 30, 2018. 38 Copyright Notice 40 Copyright (c) 2018 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents 45 (https://trustee.ietf.org/license-info) in effect on the date of 46 publication of this document. Please review these documents 47 carefully, as they describe your rights and restrictions with respect 48 to this document. Code Components extracted from this document must 49 include Simplified BSD License text as described in Section 4.e of 50 the Trust Legal Provisions and are provided without warranty as 51 described in the Simplified BSD License. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 56 2. The Internet-Standard Management Framework . . . . . . . . . 2 57 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 58 4. Structure of the MIB Module . . . . . . . . . . . . . . . . . 3 59 4.1. The mapMIBObjects . . . . . . . . . . . . . . . . . . . . 3 60 4.1.1. The mapRule Subtree . . . . . . . . . . . . . . . . . 3 61 4.1.2. The mapSecurityCheck Subtree . . . . . . . . . . . . 3 62 4.2. The mapMIBConformance Subtree . . . . . . . . . . . . . . 4 63 5. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 4 64 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 65 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 66 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 67 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 68 9.1. Normative References . . . . . . . . . . . . . . . . . . 13 69 9.2. Informative References . . . . . . . . . . . . . . . . . 14 70 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 72 1. Introduction 74 Mapping of Address and Port with Encapsulation (MAP-E) [RFC7597] is a 75 stateless, automatic tunnelling mechanism for providing an IPv4 76 connectivity service to end-users over a service provider's IPv6 77 network. 79 This document defines a portion of the Management Information Base 80 (MIB) for use with monitoring MAP-E devices. 82 2. The Internet-Standard Management Framework 84 For a detailed overview of the documents that describe the current 85 Internet-Standard Management Framework, please refer to section 7 of 86 [RFC3410]. 88 Managed objects are accessed via a virtual information store, termed 89 the Management Information Base or MIB. MIB objects are generally 90 accessed through the Simple Network Management Protocol (SNMP). 91 Objects in the MIB are defined using the mechanisms defined in the 92 Structure of Management Information (SMI). This memo specifies a MIB 93 module that is compliant to the SMIv2, which is described in 94 [RFC2578], [RFC2579] and [RFC2580]. 96 3. Terminology 98 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 99 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 100 "OPTIONAL" in this document are to be interpreted as described in 101 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, 102 as shown here. 104 4. Structure of the MIB Module 106 The Interfaces MIB [RFC2863] defines generic managed objects for 107 managing interfaces. Each logical interface (physical or virtual) 108 has an ifEntry. Tunnels are handled by creating a logical interface 109 (ifEntry) for each tunnel. Each MAP-E tunnel endpoint also acts as a 110 virtual interface that has a corresponding entry in the Interface 111 MIB. Those corresponding entries are indexed by ifIndex. MAP-E MIB 112 is configurable on a per-interface basis, so it depends on several 113 parts (ifEntry) of the IF-MIB[RFC2863]. 115 4.1. The mapMIBObjects 117 4.1.1. The mapRule Subtree 119 The mapRule subtree describes managed objects used for managing the 120 multiple mapping rules in MAP-E. 122 According to the [RFC7597], the mapping rules are divided into two 123 categories, which are Basic Mapping Rule (BMR), and Forwarding 124 Mapping Rule (FMR). And according to the section 4.1 of [RFC7598], 125 it defines a F-flag to specify whether the rule is to be used for 126 forwarding (FMR). If set, this rule is used as an FMR; if not set, 127 this rule is a BMR only and MUST NOT be used for forwarding. And a 128 BMR can also be used as an FMR for forwarding if the F-flag is set. 129 So in the RuleType definition of MAP-E MIB in section 5, it defines 130 bmrAndfmr to specify this scenario. 132 4.1.2. The mapSecurityCheck Subtree 134 The mapSecurityCheck subtree provides statistics for the number of 135 invalid packets that have been identified. There are two kinds of 136 invalid packets which are defined in the [RFC7597] as below. 138 - The Border Relay (BR) will validate the received packet's source 139 IPv6 address against the configured MAP domain rule and the 140 destination IPv6 address against the configured BR IPv6 address. 142 - The MAP node (Customer Edge, CE and BR) will check that the 143 received packets' source IPv4 address and port is in the range 144 derived from the matching MAP Rule. 146 4.2. The mapMIBConformance Subtree 148 The mapMIBConformance subtree provides conformance information of MIB 149 objects. 151 5. Definitions 153 The following MIB module imports definitions from [RFC2578], 154 [RFC2579], [RFC2580], [RFC2863], and [RFC4001]. 156 MAP-E-MIB DEFINITIONS ::= BEGIN 158 IMPORTS 159 MODULE-IDENTITY, OBJECT-TYPE, mib-2, 160 Unsigned32, Counter64 161 FROM SNMPv2-SMI --RFC2578 162 TEXTUAL-CONVENTION 163 FROM SNMPv2-TC --RFC2579 164 ifIndex 165 FROM IF-MIB --RFC2863 166 InetAddressIPv6, InetAddressIPv4, 167 InetAddressPrefixLength 168 FROM INET-ADDRESS-MIB --RFC4001 169 OBJECT-GROUP, MODULE-COMPLIANCE 170 FROM SNMPv2-CONF; --RFC2580 172 mapMIB MODULE-IDENTITY 173 LAST-UPDATED "201805290000Z" 174 ORGANIZATION 175 "IETF Softwire Working Group" 176 CONTACT-INFO 177 "Yu Fu 178 CNNIC 179 No.4 South 4th Street, Zhongguancun 180 Beijing, P.R. China 100190 181 EMail: fuyu@cnnic.cn 183 Sheng Jiang 184 Huawei Technologies Co., Ltd 185 Huawei Building, 156 Beiqing Rd., Hai-Dian District 186 Beijing, P.R. China 100095 187 EMail: jiangsheng@huawei.com 188 Bing Liu 189 Huawei Technologies Co., Ltd 190 Huawei Building, 156 Beiqing Rd., Hai-Dian District 191 Beijing, P.R. China 100095 192 EMail: leo.liubing@huawei.com 194 Jiang Dong 195 Tsinghua University 196 Department of Computer Science, Tsinghua University 197 Beijing 100084 198 P.R. China 199 Email: knight.dongjiang@gmail.com 201 Yuchi Chen 202 Tsinghua University 203 Department of Computer Science, Tsinghua University 204 Beijing 100084 205 P.R. China 206 Email: chenycmx@gmail.com" 208 DESCRIPTION 209 "The MIB module is defined for management of objects for 210 MAP-E BRs or CEs." 211 REVISION "201805290000Z" 212 DESCRIPTION 213 "Initial version. Published as RFC xxxx." 214 --RFC Ed.: RFC-edtitor pls fill in xxxx 215 ::= { mib-2 xxx } 216 --xxx to be replaced withIANA-assigned value 218 mapMIBObjects OBJECT IDENTIFIER ::= {mapMIB 1} 220 mapRule OBJECT IDENTIFIER 221 ::= { mapMIBObjects 1 } 223 mapSecurityCheck OBJECT IDENTIFIER 224 ::= { mapMIBObjects 2 } 226 -- ============================================================== 227 -- Textual Conventions used in this MIB module 228 -- ============================================================== 230 RulePSID ::= TEXTUAL-CONVENTION 231 DISPLAY-HINT "0x:" 232 STATUS current 233 DESCRIPTION 234 "Indicates that the PSID is represented as hexadecimal for 235 clarity." 237 SYNTAX OCTET STRING (SIZE (2)) 239 RuleType ::= TEXTUAL-CONVENTION 240 STATUS current 241 DESCRIPTION 242 "Enumerates the type of the mapping rule. It 243 defines three types of mapping rules here: 244 bmr: Basic Mapping Rule (Not Forwarding Mapping Rule), 245 fmr: Forwarding Mapping Rule (Not Basic Mapping Rule), 246 bmrAndfmr: Basic and Forwarding Mapping Rule. The Basic 247 Mapping Rule may also be a Forwarding Mapping Rule for 248 mesh mode." 249 REFERENCE "bmr, fmr: section 5 of RFC 7597. 250 bmrAndfmr: section 5 of RFC 7597, section 4.1 251 of RFC 7598." 252 SYNTAX INTEGER { 253 bmr(1), 254 fmr(2), 255 bmrAndfmr(3) 256 } 258 mapRuleTable OBJECT-TYPE 259 SYNTAX SEQUENCE OF MapRuleEntry 260 MAX-ACCESS not-accessible 261 STATUS current 262 DESCRIPTION 263 "The (conceptual) table containing rule information for 264 a specific mapping rule. It can also be used for row 265 creation." 266 ::= { mapRule 1 } 268 mapRuleEntry OBJECT-TYPE 269 SYNTAX MapRuleEntry 270 MAX-ACCESS not-accessible 271 STATUS current 272 DESCRIPTION 273 "Each entry in this table contains the information on a 274 particular mapping rule." 275 INDEX { ifIndex, 276 mapRuleID } 277 ::= { mapRuleTable 1 } 279 MapRuleEntry ::= 280 SEQUENCE { 281 mapRuleID Unsigned32, 282 mapRuleIPv6Prefix InetAddressIPv6, 283 mapRuleIPv6PrefixLen InetAddressPrefixLength, 284 mapRuleIPv4Prefix InetAddressIPv4, 285 mapRuleIPv4PrefixLen InetAddressPrefixLength, 286 mapRuleBRIPv6Address InetAddressIPv6, 287 mapRulePSID RulePSID, 288 mapRulePSIDLen Unsigned32, 289 mapRuleOffset Unsigned32, 290 mapRuleEALen Unsigned32, 291 mapRuleType RuleType 292 } 294 mapRuleID OBJECT-TYPE 295 SYNTAX Unsigned32 (1..4294967295) 296 MAX-ACCESS not-accessible 297 STATUS current 298 DESCRIPTION 299 "A unique identifier used to distinguish mapping 300 rules." 301 ::= { mapRuleEntry 1 } 303 -- The object mapRuleIPv6Prefix is IPv6 specific and hence it does 304 -- not use the version agnostic InetAddress. 306 mapRuleIPv6Prefix OBJECT-TYPE 307 SYNTAX InetAddressIPv6 308 MAX-ACCESS read-only 309 STATUS current 310 DESCRIPTION 311 "The IPv6 prefix defined in the mapping rule which will be 312 assigned to CE." 313 ::= { mapRuleEntry 2 } 315 mapRuleIPv6PrefixLen OBJECT-TYPE 316 SYNTAX InetAddressPrefixLength 317 MAX-ACCESS read-only 318 STATUS current 319 DESCRIPTION 320 "The length of the IPv6 prefix defined in the mapping rule 321 which will be assigned to CE." 322 ::= { mapRuleEntry 3 } 324 -- The object mapRuleIPv4Prefix is IPv4 specific and hence it does 325 -- not use the version agnostic InetAddress. 327 mapRuleIPv4Prefix OBJECT-TYPE 328 SYNTAX InetAddressIPv4 329 MAX-ACCESS read-only 330 STATUS current 331 DESCRIPTION 332 " The IPv4 prefix defined in the mapping rule which will be 333 assigned to CE." 334 ::= { mapRuleEntry 4 } 336 mapRuleIPv4PrefixLen OBJECT-TYPE 337 SYNTAX InetAddressPrefixLength 338 MAX-ACCESS read-only 339 STATUS current 340 DESCRIPTION 341 "The length of the IPv4 prefix defined in the mapping 342 rule which will be assigned to CE." 343 ::= { mapRuleEntry 5 } 345 -- The object mapRuleBRIPv6Address is IPv6 specific and hence it does 346 -- not use the version agnostic InetAddress. 348 mapRuleBRIPv6Address OBJECT-TYPE 349 SYNTAX InetAddressIPv6 350 MAX-ACCESS read-only 351 STATUS current 352 DESCRIPTION 353 "The IPv6 address of the BR which will be conveyed to CE. 354 If the BR IPv6 address is anycast, the relay must use 355 this anycast IPv6 address as the source address in 356 packets relayed to CEs." 357 ::= { mapRuleEntry 6 } 359 mapRulePSID OBJECT-TYPE 360 SYNTAX RulePSID 361 MAX-ACCESS read-only 362 STATUS current 363 DESCRIPTION 364 "The PSID value algorithmically identifies a set of 365 ports assigned to a CE." 366 REFERENCE 367 "PSID: section 5.1 of RFC 7597." 368 ::= { mapRuleEntry 7 } 370 mapRulePSIDLen OBJECT-TYPE 371 SYNTAX Unsigned32(0..16) 372 MAX-ACCESS read-only 373 STATUS current 374 DESCRIPTION 375 "The bit length value of the number of significant bits in 376 the PSID field. When it is set to 0, the PSID 377 field is to be ignored." 378 ::= { mapRuleEntry 8 } 380 mapRuleOffset OBJECT-TYPE 381 SYNTAX Unsigned32(0..15) 382 MAX-ACCESS read-only 383 STATUS current 384 DESCRIPTION 385 "The number of the mapRuleOffset is 6 by default as to 386 exclude the System ports (0-1023). It is provided via 387 the Rule Port Mapping Parameters in the Basic Mapping 388 Rule." 389 DEFVAL {6} 390 ::= { mapRuleEntry 9 } 392 mapRuleEALen OBJECT-TYPE 393 SYNTAX Unsigned32(0..48) 394 MAX-ACCESS read-only 395 STATUS current 396 DESCRIPTION 397 "The length of the Embedded-Address (EA) defined in 398 mapping rule which will be assigned to CE." 399 REFERENCE 400 "EA: section 3 of RFC 7597." 401 ::= { mapRuleEntry 10 } 403 mapRuleType OBJECT-TYPE 404 SYNTAX RuleType 405 MAX-ACCESS read-only 406 STATUS current 407 DESCRIPTION 408 "Indicates the type of mapping rule. 409 '1' represents a BMR. 410 '2' represents a FMR and '3' is for a BMR which 411 is also an FMR for mesh mode." 412 REFERENCE 413 "bmr, fmr: section 5 of RFC 7597. 414 bmrAndfmr: section 5 of RFC 7597, section 4.1 of 415 RFC 7598." 416 ::= { mapRuleEntry 11 } 418 mapSecurityCheckTable OBJECT-TYPE 419 SYNTAX SEQUENCE OF MapSecurityCheckEntry 420 MAX-ACCESS not-accessible 421 STATUS current 422 DESCRIPTION 423 "The (conceptual) table containing information on 424 MAP security checks. This table can be used for 425 statistics on the number of invalid packets that 426 have been identified." 427 ::= { mapSecurityCheck 1 } 429 mapSecurityCheckEntry OBJECT-TYPE 430 SYNTAX MapSecurityCheckEntry 431 MAX-ACCESS not-accessible 432 STATUS current 433 DESCRIPTION 434 "Each entry in this table contains information on a 435 particular MAP SecurityCheck." 436 INDEX { ifIndex } 437 ::= { mapSecurityCheckTable 1 } 439 MapSecurityCheckEntry ::= 440 SEQUENCE { 441 mapSecurityCheckInvalidv4 Counter64, 442 mapSecurityCheckInvalidv6 Counter64 443 } 445 mapSecurityCheckInvalidv4 OBJECT-TYPE 446 SYNTAX Counter64 447 MAX-ACCESS read-only 448 STATUS current 449 DESCRIPTION 450 "Indicates the number of received IPv4 packets 451 which do not have a payload source IPv4 address or 452 port within the range defined in the matching MAP 453 rule. It is corresponding to the second kind of 454 invalid packets described in section 4.1.2." 455 ::= { mapSecurityCheckEntry 1 } 457 mapSecurityCheckInvalidv6 OBJECT-TYPE 458 SYNTAX Counter64 459 MAX-ACCESS read-only 460 STATUS current 461 DESCRIPTION 462 "Indicates the number of received IPv6 packets which 463 do not have a source or destination IPv6 address 464 matching a Basic Mapping Rule. It is corresponding 465 to the first kind of invalid packets described 466 in section 4.1.2." 467 ::= { mapSecurityCheckEntry 2 } 469 -- Conformance Information 470 mapMIBConformance OBJECT IDENTIFIER ::= {mapMIB 2} 471 mapMIBCompliances OBJECT IDENTIFIER ::= { mapMIBConformance 1 } 472 mapMIBGroups OBJECT IDENTIFIER ::= { mapMIBConformance 2 } 473 -- compliance statements 474 mapMIBCompliance MODULE-COMPLIANCE 475 STATUS current 476 DESCRIPTION 477 "Describes the minimal requirements for conformance 478 to the MAP-E MIB." 479 MODULE -- this module 480 MANDATORY-GROUPS { mapMIBRuleGroup , mapMIBSecurityGroup } 481 ::= { mapMIBCompliances 1 } 483 -- Units of Conformance 484 mapMIBRuleGroup OBJECT-GROUP 485 OBJECTS { 486 mapRuleIPv6Prefix, 487 mapRuleIPv6PrefixLen, 488 mapRuleIPv4Prefix, 489 mapRuleIPv4PrefixLen, 490 mapRuleBRIPv6Address, 491 mapRulePSID, 492 mapRulePSIDLen, 493 mapRuleOffset, 494 mapRuleEALen, 495 mapRuleType } 496 STATUS current 497 DESCRIPTION 498 "The group of objects used to describe the MAP-E mapping 499 rule." 500 ::= { mapMIBGroups 1 } 502 mapMIBSecurityGroup OBJECT-GROUP 503 OBJECTS { 504 mapSecurityCheckInvalidv4, 505 mapSecurityCheckInvalidv6 } 506 STATUS current 507 DESCRIPTION 508 "The group of objects used to provide information on the 509 MAP-E security checks." 510 ::= { mapMIBGroups 2 } 512 END 514 6. IANA Considerations 516 The MIB module in this document uses the following IANA-assigned 517 OBJECT IDENTIFIER values recorded in the SMI Numbers registry: 519 Descriptor OBJECT IDENTIFIER value 520 ---------- ----------------------- 521 MAP-E-MIB { mib-2 XXX } 523 7. Security Considerations 525 There are no management objects defined in this MIB module that have 526 a MAX-ACCESS clause of read-write and/or read-create. So, if this 527 MIB module is implemented correctly, then there is no risk that an 528 intruder can alter or create any management objects of this MIB 529 module via direct SNMP SET operations. 531 Some of the readable objects in this MIB module (i.e., objects with a 532 MAX-ACCESS other than not-accessible) may be considered sensitive or 533 vulnerable in some network environments. It is thus important to 534 control even GET and/or NOTIFY access to these objects and possibly 535 to even encrypt the values of these objects when sending them over 536 the network via SNMP. 538 Some of the MIB model's objects are vulnerable as the information 539 which they hold may be used for targeting an attack against a MAP 540 node (CE or BR). E.g., an intruder could use the information to help 541 deduce the customer IPv4 and IPv6 topologies and address-sharing 542 ratios in use by the ISP. 544 The following is a list of the objects that have this vulnerability: 546 mapRuleIPv6Prefix 548 mapRuleIPv6PrefixLen 550 mapRuleIPv4Prefix 552 mapRuleIPv4PrefixLen 554 mapRuleBRIPv6Address 556 mapRulePSID 558 mapRulePSIDLen 560 mapRuleOffset 562 mapRuleEALen 564 mapRuleType 566 SNMP versions prior to SNMPv3 did not include adequate security. 567 Even if the network itself is secure (for example by using IPSec), 568 there is no control as to who on the secure network is allowed to 569 access and GET/SET (read/change/create/delete) the objects in this 570 MIB module. 572 Implementations SHOULD provide the security features described by the 573 SNMPv3 framework (see [RFC3410]), and implementations claiming 574 compliance to the SNMPv3 standard MUST include full support for 575 authentication and privacy via the User-based Security Model (USM) 576 [RFC3414] with the AES cipher algorithm [RFC3826]. Implementations 577 MAY also provide support for the Transport Security Model (TSM) 578 [RFC5591] in combination with a secure transport such as SSH 579 [RFC5592] or TLS/DTLS [RFC6353]. 581 Further, deployment of SNMP versions prior to SNMPv3 is NOT 582 RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to 583 enable cryptographic security. It is then a customer/operator 584 responsibility to ensure that the SNMP entity giving access to an 585 instance of this MIB module is properly configured to give access to 586 the objects only to those principals (users) that have legitimate 587 rights to indeed GET or SET (change/create/delete) them. 589 8. Acknowledgements 591 The authors would like to thank for valuable comments from David 592 Harrington, Mark Townsley, Shishio Tsuchiya, Yong Cui, Suresh 593 Krishnan, Bert Wijnen, Ian Farrer and Juergen Schoenwaelder. 595 This document was produced using the xml2rfc tool [RFC7991]. 597 9. References 599 9.1. Normative References 601 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 602 Requirement Levels", BCP 14, RFC 2119, 603 DOI 10.17487/RFC2119, March 1997, 604 . 606 [RFC2578] McCloghrie, K., Ed., Perkins, D., Ed., and J. 607 Schoenwaelder, Ed., "Structure of Management Information 608 Version 2 (SMIv2)", STD 58, RFC 2578, 609 DOI 10.17487/RFC2578, April 1999, 610 . 612 [RFC2579] McCloghrie, K., Ed., Perkins, D., Ed., and J. 613 Schoenwaelder, Ed., "Textual Conventions for SMIv2", 614 STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999, 615 . 617 [RFC2580] McCloghrie, K., Ed., Perkins, D., Ed., and J. 618 Schoenwaelder, Ed., "Conformance Statements for SMIv2", 619 STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999, 620 . 622 [RFC2863] McCloghrie, K. and F. Kastenholz, "The Interfaces Group 623 MIB", RFC 2863, DOI 10.17487/RFC2863, June 2000, 624 . 626 [RFC4001] Daniele, M., Haberman, B., Routhier, S., and J. 627 Schoenwaelder, "Textual Conventions for Internet Network 628 Addresses", RFC 4001, DOI 10.17487/RFC4001, February 2005, 629 . 631 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., 632 Murakami, T., and T. Taylor, Ed., "Mapping of Address and 633 Port with Encapsulation (MAP-E)", RFC 7597, 634 DOI 10.17487/RFC7597, July 2015, 635 . 637 [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, 638 W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for 639 Configuration of Softwire Address and Port-Mapped 640 Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, 641 . 643 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 644 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 645 May 2017, . 647 9.2. Informative References 649 [RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart, 650 "Introduction and Applicability Statements for Internet- 651 Standard Management Framework", RFC 3410, 652 DOI 10.17487/RFC3410, December 2002, 653 . 655 [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model 656 (USM) for version 3 of the Simple Network Management 657 Protocol (SNMPv3)", STD 62, RFC 3414, 658 DOI 10.17487/RFC3414, December 2002, 659 . 661 [RFC3826] Blumenthal, U., Maino, F., and K. McCloghrie, "The 662 Advanced Encryption Standard (AES) Cipher Algorithm in the 663 SNMP User-based Security Model", RFC 3826, 664 DOI 10.17487/RFC3826, June 2004, 665 . 667 [RFC5591] Harrington, D. and W. Hardaker, "Transport Security Model 668 for the Simple Network Management Protocol (SNMP)", 669 STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009, 670 . 672 [RFC5592] Harrington, D., Salowey, J., and W. Hardaker, "Secure 673 Shell Transport Model for the Simple Network Management 674 Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June 675 2009, . 677 [RFC6353] Hardaker, W., "Transport Layer Security (TLS) Transport 678 Model for the Simple Network Management Protocol (SNMP)", 679 STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011, 680 . 682 [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", 683 RFC 7991, DOI 10.17487/RFC7991, December 2016, 684 . 686 Authors' Addresses 688 Yu Fu 689 CNNIC 690 No.4 South 4th Street, Zhongguancun 691 Beijing 100190 692 P.R. China 694 Email: fuyu@cnnic.cn 696 Sheng Jiang 697 Huawei Technologies Co., Ltd 698 Q14, Huawei Campus, No.156 Beiqing Road 699 Hai-Dian District, Beijing, 100095 700 P.R. China 702 Email: jiangsheng@huawei.com 703 Bing Liu 704 Huawei Technologies Co., Ltd 705 Q14, Huawei Campus, No.156 Beiqing Road 706 Hai-Dian District, Beijing, 100095 707 P.R. China 709 Email: leo.liubing@huawei.com 711 Jiang Dong 712 Tsinghua University 713 Department of Computer Science, Tsinghua University 714 Beijing 100084 715 P.R. China 717 Email: knight.dongjiang@gmail.com 719 Yuchi Chen 720 Tsinghua University 721 Department of Computer Science, Tsinghua University 722 Beijing 100084 723 P.R. China 725 Email: flashfoxmx@gmail.com