draft-ietf-behave-nat-mib-00.txt vs. draft-ietf-behave-nat-mib-01.txt

Network Working Group                                        S. Perreault
Internet-Draft                                                    Viagenie
Intended status: Standards Track                                    T. Tsou
Expires: December 20, 2012                        Huawei Technologies (USA)
                                                               S. Sivakumar
                                                              Cisco Systems
                                                              June 18, 2012

     Additional Managed Objects for Network Address Translators (NAT)
                       draft-ietf-behave-nat-mib-01

   (-00, dated April 17, 2012 and expiring October 19, 2012, was titled
   "Additional Definitions of Managed Objects for Network Address
   Translators (NAT)".)

Abstract

   This memo defines a portion of the Management Information Base (MIB)
   for devices implementing Network Address Translator (NAT) function.
   This MIB module may be used for monitoring of a device capable of NAT
   function.

Status of this Memo

   skipping to change at page 1, line 37 (-00) / page 1, line 36 (-01)

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 20, 2012.
   (-00: October 19, 2012.)

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Overview
   3.  Definitions
   4.  Security Considerations
   5.  IANA Considerations
   6.  References
       6.1.  Normative References
       6.2.  Informative References
   Appendix A.  Change Log (to be removed by RFC Editor prior to
                publication)                                 (added in -01)
       A.1.  Changed in -01
   Authors' Addresses
1.  Introduction

   [RFC4008] defines some objects for managing network address
   translators (NATs).  Current operational practice often requires
   additional objects, in particular for enterprise and Internet service
   provider (ISP) deployments.  This document defines those additional
   objects.

   This module is designed to be completely independent from [RFC4008].
   A NAT implementation could be managed using this module, the one from
   [RFC4008], or both.

   The following paragraph appeared in -00 and was removed in -01:

      Note: "CGN" features are currently left out of this MIB.  Such
      features include anything related to "subscribers": per-subscriber
      counters, limits, etc.  They will either be added to this draft or
      will be specified in a separate draft.  Stay tuned.
2.  Overview

   New features in this module are as follows:

   Counters:  Many new counters are introduced.  Most of them are
      available in two variants: global and per-transport protocol.

   Limits:  A few limits on the quantity of state data stored by the NAT
      device.  Some of them can trigger notifications.

   skipping to change at page 3, line 43 (-00) / page 3, line 38 (-01)

      used in enterprise and ISP settings.  Pools are listed in a table,
      each with its range of addresses and ports.  It is possible to
      inspect each pool's usage, to set limits, and to receive
      notifications when thresholds are crossed.

   Address Mappings:  NATs that have an "IP address pooling" behavior of
      "Paired" [RFC4787] maintain a mapping from internal address to
      external address.  This module allows inspection of this mapping
      table.

   The following two items are new in -01:

   Mapping table indexed by external 3-tuple:  It is often necessary to
      determine the internal address that is mapped to a given external
      address and port.  This MIB provides this table with an index to
      accomplish this efficiently, without having to iterate over all
      mappings.

   Per-subscriber counters, limits, and notifications:  Carrier-Grade
      NATs operate with a notion of "subscriber", to which are
      associated a set of counters, limits, and notifications.  The
      subscriber identifier is not necessarily an internal address.  In
      DS-Lite, for example, the identifier is the IPv6 address of the
      tunnel endpoint, because the internal IPv4 addresses may be the
      same for every subscriber.
3.  Definitions

   This MIB module IMPORTs objects from [RFC2578], [RFC2579], and
   [RFC4001].

   NEW-NAT-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter64, Gauge32,
       Integer32, Unsigned32, mib-2
           FROM SNMPv2-SMI
       OBJECT-GROUP, NOTIFICATION-GROUP, MODULE-COMPLIANCE  -- added in -01
           FROM SNMPv2-CONF
       TEXTUAL-CONVENTION
           FROM SNMPv2-TC
       InetAddressType, InetAddress, InetAddressPrefixLength,  -- -01 adds
       InetPortNumber                                  -- InetAddressPrefixLength
           FROM INET-ADDRESS-MIB;

   newNatMIB MODULE-IDENTITY
       LAST-UPDATED "200001010000Z"
       ORGANIZATION "TBD"
       CONTACT-INFO "TBD"
       DESCRIPTION
           "This MIB module defines generic managed objects for NAT."
       REVISION     "200001010000Z"

   skipping to change at page 4, line 35 (-00) / page 4, line 48 (-01)

       ::= { mib-2 9999 }

   -- table of contents

   newNatNotifications OBJECT IDENTIFIER ::= { newNatMIB 0 }
   newNatObjects       OBJECT IDENTIFIER ::= { newNatMIB 1 }
   newNatCounters      OBJECT IDENTIFIER ::= { newNatObjects 1 }
   newNatLimits        OBJECT IDENTIFIER ::= { newNatObjects 2 }
   newNatPoolObjects   OBJECT IDENTIFIER ::= { newNatObjects 3 }
   newNatMapObjects    OBJECT IDENTIFIER ::= { newNatObjects 4 }
   newNatSubscribers   OBJECT IDENTIFIER ::= { newNatObjects 5 }  -- added in -01
   newNatConformance   OBJECT IDENTIFIER ::= { newNatMIB 2 }
   newNatGroups        OBJECT IDENTIFIER ::= { newNatConformance 1 }
   newNatCompliance    OBJECT IDENTIFIER ::= { newNatConformance 2 }

   -- textual conventions

   ProtocolNumber ::= TEXTUAL-CONVENTION
       DISPLAY-HINT "d"
       STATUS       current
       DESCRIPTION
           "A transport protocol number, from the 'protocol-numbers' IANA
           registry."
       SYNTAX       Unsigned32 (0..255)
   skipping to change at page 5, line 34 (-00) / page 5, line 44 (-01)

   newNatNotifPoolWatermarkHigh NOTIFICATION-TYPE
       OBJECTS { newNatPoolIndex }
       STATUS  current
       DESCRIPTION
           "This notification is generated when the specified pool's number
           of free addresses becomes greater than or equal to the
           specified threshold.  The threshold is specified by the
           newNatPoolWatermarkHigh object."
       ::= { newNatNotifications 2 }

   newNatNotifMappings NOTIFICATION-TYPE       -- -00: newNatNotifLimitMappings
       OBJECTS { newNatCntMappings }
       STATUS  current
       DESCRIPTION
           "This notification is generated when newNatCntMappings exceeds
           the value of newNatMappingsNotifyThreshold."
           -- -00: "... exceeds the value of newNatLimitMappings."
       ::= { newNatNotifications 3 }

   newNatNotifAddrMappings NOTIFICATION-TYPE   -- -00: newNatNotifLimitAddrMappings
       OBJECTS { newNatCntAddressMappings }
       STATUS  current
       DESCRIPTION
           "This notification is generated when newNatCntAddressMappings
           exceeds the value of newNatAddrMapNotifyThreshold."
           -- -00: "... exceeds the value of newNatLimitAddressMappings."
       ::= { newNatNotifications 4 }

   -- added in -01
   newNatNotifSubscriberMappings NOTIFICATION-TYPE
       OBJECTS { newNatSubscriberCntMappings }
       STATUS  current
       DESCRIPTION
           "This notification is generated when newNatSubscriberCntMappings
           exceeds the value of newNatSubscriberMapNotifyThresh, unless
           newNatSubscriberMapNotifyThresh is zero."
       ::= { newNatNotifications 5 }

   -- counters

   newNatCntTranslates OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets to which NAT has been applied."
       ::= { newNatCounters 1 }

   newNatCntOOP OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets to which NAT could not be applied because
           no external port was available, excluding quota limitations."
           -- -00 ends at "... no external port was available."
       ::= { newNatCounters 2 }

   newNatCntResource OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets to which NAT could not be applied because
           of resource constraints (excluding out-of-ports condition)."
       ::= { newNatCounters 3 }

   skipping to change at page 6, line 48 (-00) / page 7, line 20 (-01)

           are incompatible with the current state of the mapping would
           cause this counter to be incremented."
       ::= { newNatCounters 4 }

   newNatCntQuota OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of packets to which NAT could not be applied because
           of quota limitations.  Quotas include absolute limits as well as
           limits on rate of allocation."
           -- -00: "... because of exceeded quotas.  Quotas include ..."
       ::= { newNatCounters 5 }

   newNatCntMappings OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Number of currently active mappings.
           Equal to newNatCntMapCreations - newNatCntMapRemovals."
           -- -00: "Number of active mappings."  Both -00 and -01 write the
           -- subtraction the other way round (removals minus creations),
           -- which cannot yield a non-negative gauge while mappings exist.
       ::= { newNatCounters 6 }

   newNatCntMapCreations OBJECT-TYPE
       SYNTAX      Counter64
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Number of mapping creations.  This includes static mappings."

   skipping to change at page 10, line 39 (-00) / page 11, line 12 (-01)
   newNatLimitMappings OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "Global limit on the total number of mappings.  Zero means
           unlimited."
       ::= { newNatLimits 1 }
       -- TODO: How does that work with bulk port allocation?

   -- added in -01
   newNatMappingsNotifyThreshold OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "See newNatNotifMappings."
       ::= { newNatLimits 2 }

   newNatLimitAddressMappings OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "Global limit on the total number of internal-to-external
           address mappings.  Zero means unlimited.

           This limit is only applicable to NATs that have an 'IP address
           pooling' behavior of 'Paired' [RFC4787]."
       ::= { newNatLimits 3 }                  -- -00: { newNatLimits 2 }

   -- added in -01
   newNatAddrMapNotifyThreshold OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "See newNatNotifAddrMappings."
       ::= { newNatLimits 4 }

   newNatLimitFragments OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "Global limit on the total number of fragments pending
           reassembly.  Zero means unlimited.

           This limit is only applicable to NATs having 'Receive
           Fragments Out of Order' behavior [RFC4787]."
       ::= { newNatLimits 5 }                  -- -00: { newNatLimits 3 }

   -- added in -01
   newNatLimitSubscribers OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "Global limit on the number of subscribers with active mappings.
           Zero means unlimited."
       ::= { newNatLimits 6 }

   -- pools

   newNatPoolTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF NewNatPoolEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Table of pools."
       ::= { newNatPoolObjects 1 }
   skipping to change at page 13, line 25 (-00) / page 14, line 22 (-01)

           "This table contains address ranges used by pool entries."
       ::= { newNatPoolObjects 2 }

   newNatPoolRangeEntry OBJECT-TYPE
       SYNTAX      NewNatPoolRangeEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "NAT pool address range."
       INDEX { newNatPoolRangeType,
               newNatPoolRangeBegin }
       -- -00 also indexed on newNatPoolRangeEnd
       ::= { newNatPoolRangeTable 1 }

   NewNatPoolRangeEntry ::=
       SEQUENCE {
           newNatPoolRangePoolIndex       NatPoolIndex,     -- added in -01
           newNatPoolRangeType            InetAddressType,
           newNatPoolRangeBegin           InetAddress,
           newNatPoolRangeEnd             InetAddress,
           newNatPoolRangeAllocatedPorts  Gauge32
           -- TODO: the usual bookkeeping things
       }

   -- added in -01
   newNatPoolRangePoolIndex OBJECT-TYPE
       SYNTAX      NatPoolIndex
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Index of the address pool to which this address range belongs.
           See newNatPoolIndex."
       ::= { newNatPoolRangeEntry 1 }

   newNatPoolRangeType OBJECT-TYPE
       SYNTAX      InetAddressType
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The address type of newNatPoolRangeBegin and
           newNatPoolRangeEnd."
       ::= { newNatPoolRangeEntry 2 }          -- -00: { newNatPoolRangeEntry 1 }

   newNatPoolRangeBegin OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (4|16))
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Lowest address included in this range."
       ::= { newNatPoolRangeEntry 3 }          -- -00: { newNatPoolRangeEntry 2 }

   newNatPoolRangeEnd OBJECT-TYPE
       SYNTAX      InetAddress (SIZE (4|16))
       MAX-ACCESS  read-only                   -- -00: not-accessible (index column)
       STATUS      current
       DESCRIPTION
           "Highest address included in this range."
       ::= { newNatPoolRangeEntry 4 }          -- -00: { newNatPoolRangeEntry 3 }

   newNatPoolRangeAllocatedPorts OBJECT-TYPE
       SYNTAX      Gauge32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Number of ports currently allocated on the addresses in this
           range."
       ::= { newNatPoolRangeEntry 5 }          -- -00: { newNatPoolRangeEntry 4 }

   -- indexed mapping tables                   (comment added in -01)

   newNatMapIntAddrTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF NewNatMapIntAddrEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "Table of mappings from internal to external address.

           This table is only applicable to NATs that have an 'IP address
           pooling' behavior of 'Paired' [RFC4787]."

   skipping to change at page 15, line 32 (-00) / page 16, line 38 (-01)

       ::= { newNatMapIntAddrEntry 2 }

   newNatMapIntAddrExt OBJECT-TYPE
       SYNTAX      InetAddress
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "External address."
       ::= { newNatMapIntAddrEntry 3 }
newNatMappingTable OBJECT-TYPE
SYNTAX SEQUENCE OF NewNatMappingTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of mappings indexed by external 3-tuple."
::= { newNatMapObjects 2 }
newNatMappingTableEntry OBJECT-TYPE
SYNTAX NewNatMappingTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A single NAT mapping."
INDEX { newNatMappingProto,
newNatMappingExtAddressType,
newNatMappingExtAddress,
newNatMappingExtPort }
::= { newNatMappingTable 1 }
NewNatMappingTableEntry ::=
SEQUENCE {
newNatMappingProto ProtocolNumber,
newNatMappingExtAddressType InetAddressType,
newNatMappingExtAddress InetAddress,
newNatMappingExtPort InetPortNumber,
newNatMappingIntAddressType InetAddressType,
newNatMappingIntAddress InetAddress,
newNatMappingIntPort InetPortNumber,
newNatMappingPool NatPoolIndex
}
newNatMappingProto OBJECT-TYPE
SYNTAX ProtocolNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's transport protocol number."
::= { newNatMappingTableEntry 1 }
newNatMappingExtAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Type of the mapping's external address."
::= { newNatMappingTableEntry 2 }
newNatMappingExtAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's external address. If this is the undefined
address, all external addresses are mapped to the internal
address."
::= { newNatMappingTableEntry 3 }
newNatMappingExtPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's external port number. If this is zero, all
external ports are mapped to the internal port."
::= { newNatMappingTableEntry 4 }
newNatMappingIntAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Type of the mapping's internal address."
::= { newNatMappingTableEntry 5 }
newNatMappingIntAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The mapping's internal address. If this is the undefined
address, addresses are not translated."
::= { newNatMappingTableEntry 6 }
newNatMappingIntPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The mapping's internal port number. If this is zero, ports are
not translated."
::= { newNatMappingTableEntry 7 }
newNatMappingPool OBJECT-TYPE
SYNTAX NatPoolIndex (0|1..4294967295)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the pool that contains this mapping's external address
and port. If zero, no pool is associated with this mapping."
::= { newNatMappingTableEntry 8 }
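   The following is an added example, not part of the draft, showing how
   a manager turns an external 3-tuple into the instance OID of a
   newNatMappingTable row, which is the lookup the table's INDEX clause
   exists to make cheap (one GET instead of a walk over every mapping).
   Arc numbers are taken from the registrations above (mib-2 9999 is the
   draft's placeholder, not an assigned arc); the index encoding follows
   RFC 2578 (a variable-length InetAddress that is not IMPLIED is
   preceded by a length sub-identifier) and the InetAddressType values
   follow RFC 4001.  Function names are the example's own.  The answer
   to this query is the internal host behind a public address and port,
   so in deployment the table should be readable only over SNMPv3 with
   authentication and privacy, and only by principals whose VACM view
   includes it.

```python
"""Instance-OID construction for newNatMappingTable lookups.

Added example; not code from the draft.  Arc values are taken from the
draft's registrations (mib-2 9999 is the draft's placeholder arc), the
index encoding follows RFC 2578, and the InetAddressType values follow
RFC 4001.  Function names are the example's own.
"""
import ipaddress

# newNatMappingTableEntry = { mib-2 9999 } . newNatObjects(1)
#                           . newNatMapObjects(4) . newNatMappingTable(2) . 1
NEW_NAT_MAPPING_ENTRY = (1, 3, 6, 1, 2, 1, 9999, 1, 4, 2, 1)

# Accessible columns of NewNatMappingTableEntry.  The four index columns
# (1..4) are not-accessible and are never requested directly.
COL_INT_ADDRESS_TYPE = 5
COL_INT_ADDRESS = 6
COL_INT_PORT = 7
COL_POOL = 8

# InetAddressType enumeration values (RFC 4001).
INET_IPV4 = 1
INET_IPV6 = 2


def mapping_index(proto, ext_addr, ext_port):
    """Encode INDEX { newNatMappingProto, newNatMappingExtAddressType,
    newNatMappingExtAddress, newNatMappingExtPort } as sub-identifiers.

    ProtocolNumber and InetPortNumber are fixed-size integers and become
    one sub-identifier each.  InetAddress is variable-length (SIZE (4|16))
    and not IMPLIED, so RFC 2578 requires a length sub-identifier before
    the address octets.  The undefined address (0.0.0.0 or ::) and port 0
    are legal: the draft uses them to mean "all addresses" / "all ports".
    """
    if not 0 <= proto <= 255:
        raise ValueError("protocol number must be 0..255")
    if not 0 <= ext_port <= 65535:
        raise ValueError("port must be 0..65535")
    addr = ipaddress.ip_address(ext_addr)
    addr_type = INET_IPV4 if addr.version == 4 else INET_IPV6
    octets = addr.packed
    return (proto, addr_type, len(octets)) + tuple(octets) + (ext_port,)


def mapping_instance_oid(column, proto, ext_addr, ext_port):
    """Full instance OID of one accessible column of the row selected by the
    external 3-tuple, i.e. what a single SNMP GET would request."""
    if column not in (COL_INT_ADDRESS_TYPE, COL_INT_ADDRESS, COL_INT_PORT, COL_POOL):
        raise ValueError("not an accessible column of newNatMappingTableEntry")
    return NEW_NAT_MAPPING_ENTRY + (column,) + mapping_index(proto, ext_addr, ext_port)


def oid_to_str(oid):
    return ".".join(str(sub) for sub in oid)


def parse_oid(text):
    """Dotted OID text, as printed by snmpget/snmpwalk, back to a tuple."""
    return tuple(int(part) for part in text.strip(".").split("."))


def decode_mapping_instance(oid):
    """Inverse of mapping_instance_oid, for interpreting rows that come back
    from a GET or a walk.  Returns (column, proto, ext_addr, ext_port) and
    rejects malformed instances: wrong prefix, address type and length
    that disagree, octets out of range, or trailing sub-identifiers."""
    oid = tuple(oid)
    n = len(NEW_NAT_MAPPING_ENTRY)
    if oid[:n] != NEW_NAT_MAPPING_ENTRY or len(oid) < n + 5:
        raise ValueError("not a newNatMappingTable instance")
    column, proto, addr_type, length = oid[n:n + 4]
    expected = {INET_IPV4: 4, INET_IPV6: 16}.get(addr_type)
    if expected is None or length != expected:
        raise ValueError("address type and address length disagree")
    octets = oid[n + 4:n + 4 + length]
    if len(oid) != n + 5 + length or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("malformed address octets or trailing sub-identifiers")
    ext_port = oid[n + 4 + length]
    return column, proto, str(ipaddress.ip_address(bytes(octets))), ext_port
```

   With these helpers, "which internal host owns TCP 203.0.113.10:40000"
   is a GET of mapping_instance_oid(COL_INT_ADDRESS, 6, "203.0.113.10",
   40000) followed by a GET of the matching COL_INT_PORT instance; the
   decoder is what a collector applies to each varbind of a table walk.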
-- subscribers
newNatSubscribersTable OBJECT-TYPE
SYNTAX SEQUENCE OF NewNatSubscribersTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of CGN subscribers."
::= { newNatSubscribers 1 }
newNatSubscribersTableEntry OBJECT-TYPE
SYNTAX NewNatSubscribersTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry describes a single CGN subscriber."
INDEX { newNatSubscriberIdentifierType,
newNatSubscriberIdentifier }
::= { newNatSubscribersTable 1 }
NewNatSubscribersTableEntry ::=
SEQUENCE {
newNatSubscriberIdentifierType InetAddressType,
newNatSubscriberIdentifier InetAddress,
newNatSubscriberIntPrefixType InetAddressType,
newNatSubscriberIntPrefix InetAddress,
newNatSubscriberIntPrefixLength InetAddressPrefixLength,
newNatSubscriberPool NatPoolIndex,
newNatSubscriberCntTranslates Counter64,
newNatSubscriberCntOOP Counter64,
newNatSubscriberCntResource Counter64,
newNatSubscriberCntStateMismatch Counter64,
newNatSubscriberCntQuota Counter64,
newNatSubscriberCntMappings Gauge32,
newNatSubscriberCntMapCreations Counter64,
newNatSubscriberCntMapRemovals Counter64,
newNatSubscriberLimitMappings Unsigned32,
newNatSubscriberMapNotifyThresh Unsigned32
}
newNatSubscriberIdentifierType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type of the subscriber identifier."
::= { newNatSubscribersTableEntry 1 }
newNatSubscriberIdentifier OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address used for uniquely identifying the subscriber.
In traditional NAT, this is the internal address assigned to
the CPE. In case an address range is assigned to a subscriber,
the first address in the range is used as identifier. For
tunnelled connectivity (e.g., DS-Lite [RFC6333]), the outer
address is used as identifier (i.e., the IPv6 address in the
case of DS-Lite)."
::= { newNatSubscribersTableEntry 2 }
newNatSubscriberIntPrefixType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subscriber's internal prefix type."
::= { newNatSubscribersTableEntry 3 }
newNatSubscriberIntPrefix OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Prefix assigned to a subscriber's CPE."
::= { newNatSubscribersTableEntry 4 }
newNatSubscriberIntPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Length of the prefix assigned to a subscriber's CPE, in bits.
In case a single address is assigned, this will be 32 for IPv4
and 128 for IPv6."
::= { newNatSubscribersTableEntry 5 }
newNatSubscriberPool OBJECT-TYPE
SYNTAX NatPoolIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"External address pool to which this subscriber belongs."
::= { newNatSubscribersTableEntry 6 }
newNatSubscriberCntTranslates OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or sent to this subscriber
and to which NAT has been applied."
::= { newNatSubscribersTableEntry 7 }
newNatSubscriberCntOOP OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from this subscriber to which
NAT could not be applied because no external port was
available, excluding quota limitations."
::= { newNatSubscribersTableEntry 8 }
newNatSubscriberCntResource OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from this subscriber to which
NAT could not be applied because of resource constraints
(excluding out-of-ports condition)."
::= { newNatSubscribersTableEntry 9 }
newNatSubscriberCntStateMismatch OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of mapping
state mismatch. For example, a TCP packet that matches an
existing mapping but is dropped because its flags are
incompatible with the current state of the mapping would cause
this counter to be incremented."
::= { newNatSubscribersTableEntry 10 }
newNatSubscriberCntQuota OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of quota
limitations. Quotas include absolute limits as well as limits
on the rate of allocation."
::= { newNatSubscribersTableEntry 11 }
newNatSubscriberCntMappings OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of currently active mappings created by or for this
subscriber.
           Equal to newNatSubscriberCntMapCreations -
           newNatSubscriberCntMapRemovals."
::= { newNatSubscribersTableEntry 12 }
newNatSubscriberCntMapCreations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mappings created by or for this subscriber."
::= { newNatSubscribersTableEntry 13 }
newNatSubscriberCntMapRemovals OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mappings removed by or for this subscriber."
::= { newNatSubscribersTableEntry 14 }
newNatSubscriberLimitMappings OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on the number of active mappings created by or for this
subscriber. Zero means unlimited."
::= { newNatSubscribersTableEntry 15 }
newNatSubscriberMapNotifyThresh OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"See newNatNotifSubscriberMappings."
::= { newNatSubscribersTableEntry 16 }
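   The following is an added example, not part of the draft, that models
   how the mapping counters, limits and notification thresholds defined
   above fit together, both at global scope (newNatCntMappings,
   newNatCntQuota, newNatLimitMappings, newNatMappingsNotifyThreshold,
   newNatNotifMappings) and per subscriber (the newNatSubscriberCnt*
   objects, newNatSubscriberLimitMappings,
   newNatSubscriberMapNotifyThresh, newNatNotifSubscriberMappings),
   together with newNatLimitSubscribers.  Class and method names are the
   example's own.  Two points the draft leaves implicit are made
   explicit: a limit or threshold of zero disables the check, and a
   notification is taken to fire once when the gauge crosses its
   threshold upward rather than on every packet while above it (an
   assumption; the draft only says "exceeds").  A packet refused by any
   limit is counted in newNatCntQuota and in the subscriber's
   newNatSubscriberCntQuota, as the descriptions of those objects
   require.

```python
"""Mapping counters, limits and notification thresholds as a small state
model.  Added example; not code from the draft or from any NAT
implementation.  Names are the example's own; the comments give the
draft object each field corresponds to.
"""
from dataclasses import dataclass


@dataclass
class MappingCounters:
    """Mapping-related objects, used both for the global scope and for one
    row of newNatSubscribersTable."""
    map_creations: int = 0     # newNatCntMapCreations / newNatSubscriberCntMapCreations
    map_removals: int = 0      # newNatCntMapRemovals  / newNatSubscriberCntMapRemovals
    quota: int = 0             # newNatCntQuota        / newNatSubscriberCntQuota
    limit_mappings: int = 0    # newNatLimitMappings   / newNatSubscriberLimitMappings (0 = unlimited)
    notify_threshold: int = 0  # newNatMappingsNotifyThreshold / newNatSubscriberMapNotifyThresh (0 = off)

    @property
    def mappings(self):
        """Gauge newNatCntMappings / newNatSubscriberCntMappings: active
        mappings are creations minus removals."""
        return self.map_creations - self.map_removals


class NatState:
    def __init__(self, limit_mappings=0, notify_threshold=0, limit_subscribers=0):
        self.glob = MappingCounters(limit_mappings=limit_mappings,
                                    notify_threshold=notify_threshold)
        self.limit_subscribers = limit_subscribers  # newNatLimitSubscribers (0 = unlimited)
        self.subscribers = {}                       # subscriber identifier -> MappingCounters
        self.notifications = []                     # (notification name, subscriber, gauge value)

    def add_subscriber(self, ident, limit_mappings=0, notify_threshold=0):
        self.subscribers[ident] = MappingCounters(limit_mappings=limit_mappings,
                                                  notify_threshold=notify_threshold)

    def active_subscribers(self):
        """Subscribers with at least one active mapping: the quantity that
        newNatLimitSubscribers bounds."""
        return sum(1 for s in self.subscribers.values() if s.mappings > 0)

    def _notify_if_crossed(self, name, ctr, before, ident=None):
        # Edge-triggered (assumption): fire when the gauge moves from at or
        # below the threshold to above it.  A zero threshold disables it.
        thr = ctr.notify_threshold
        if thr and before <= thr < ctr.mappings:
            self.notifications.append((name, ident, ctr.mappings))

    def create_mapping(self, ident):
        """A packet from `ident` needs a new mapping.  Returns True if it was
        created, False if a limit refused it (and the quota counters moved)."""
        sub = self.subscribers[ident]
        g = self.glob
        over_global = bool(g.limit_mappings) and g.mappings >= g.limit_mappings
        over_sub = bool(sub.limit_mappings) and sub.mappings >= sub.limit_mappings
        over_subs = (bool(self.limit_subscribers) and sub.mappings == 0
                     and self.active_subscribers() >= self.limit_subscribers)
        if over_global or over_sub or over_subs:
            g.quota += 1
            sub.quota += 1
            return False
        g_before, s_before = g.mappings, sub.mappings
        g.map_creations += 1
        sub.map_creations += 1
        self._notify_if_crossed("newNatNotifMappings", g, g_before)
        self._notify_if_crossed("newNatNotifSubscriberMappings", sub, s_before, ident)
        return True

    def remove_mapping(self, ident):
        """A mapping of `ident` times out or is torn down."""
        sub = self.subscribers[ident]
        if sub.mappings == 0:
            raise ValueError("subscriber has no active mapping")
        sub.map_removals += 1
        self.glob.map_removals += 1


def run_scenario():
    """Constructed scenario: global limit 5, global threshold 3, at most two
    subscribers with active mappings; A is capped at 2 mappings with a
    per-subscriber threshold of 1, B and C are uncapped."""
    nat = NatState(limit_mappings=5, notify_threshold=3, limit_subscribers=2)
    nat.add_subscriber("A", limit_mappings=2, notify_threshold=1)
    nat.add_subscriber("B")
    nat.add_subscriber("C")
    results = [nat.create_mapping(s) for s in ("A", "A", "A", "B", "B", "C", "B", "B")]
    nat.remove_mapping("A")   # A's mappings expire, freeing a subscriber slot
    nat.remove_mapping("A")
    results.append(nat.create_mapping("C"))
    return nat, results
```

   In the scenario, A's third mapping is refused by its own limit, C is
   refused while A and B already fill the two subscriber slots, B's
   fourth mapping hits the global limit, and the global notification
   fires twice because the gauge drops back under the threshold after
   A's mappings are removed and then crosses it again.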
   -- conformance groups
newNatGroupBasicObjects OBJECT-GROUP
OBJECTS { newNatCntTranslates,
newNatCntOOP,
newNatCntResource,
newNatCntStateMismatch,
newNatCntQuota,
newNatCntMappings,
newNatCntMapCreations,
newNatCntMapRemovals,
newNatCntProtocolTranslates,
newNatCntProtocolOOP,
newNatCntProtocolResource,
newNatCntProtocolStateMismatch,
newNatCntProtocolQuota,
newNatCntProtocolMappings,
newNatCntProtocolMapCreations,
newNatCntProtocolMapRemovals,
newNatLimitMappings,
newNatMappingsNotifyThreshold,
newNatPoolIndex,
newNatPoolUsage,
newNatPoolWatermarkLow,
newNatPoolWatermarkHigh,
newNatPoolPortMin,
newNatPoolPortMax,
newNatPoolRangePoolIndex,
newNatPoolRangeEnd,
newNatPoolRangeAllocatedPorts,
newNatMappingIntAddressType,
newNatMappingIntAddress,
newNatMappingIntPort,
newNatMappingPool }
STATUS current
DESCRIPTION
"Basic counters, limits, and thresholds."
::= { newNatGroups 1 }
newNatGroupAddrMapObjects OBJECT-GROUP
OBJECTS { newNatCntAddressMappings,
newNatCntAddrMapCreations,
newNatCntAddrMapRemovals,
newNatLimitAddressMappings,
newNatAddrMapNotifyThreshold,
newNatMapIntAddrExt }
STATUS current
DESCRIPTION
"Objects that require 'Paired IP address pooling' behavior
[RFC4787]."
::= { newNatGroups 2 }
newNatGroupFragmentObjects OBJECT-GROUP
OBJECTS { newNatLimitFragments }
STATUS current
DESCRIPTION
"Objects that require 'Receive Fragments Out of Order' behavior
[RFC4787]."
::= { newNatGroups 3 }
newNatGroupSubscriberObjects OBJECT-GROUP
OBJECTS { newNatSubscriberIntPrefixType,
newNatSubscriberIntPrefix,
newNatSubscriberIntPrefixLength,
newNatSubscriberPool,
newNatSubscriberCntTranslates,
newNatSubscriberCntOOP,
newNatSubscriberCntResource,
newNatSubscriberCntStateMismatch,
newNatSubscriberCntQuota,
newNatSubscriberCntMappings,
newNatSubscriberCntMapCreations,
newNatSubscriberCntMapRemovals,
newNatSubscriberLimitMappings,
newNatSubscriberMapNotifyThresh,
newNatLimitSubscribers }
STATUS current
DESCRIPTION
"Per-subscriber counters, limits, and thresholds."
::= { newNatGroups 4 }
newNatGroupBasicNotifications NOTIFICATION-GROUP
NOTIFICATIONS { newNatNotifPoolWatermarkLow,
newNatNotifPoolWatermarkHigh,
newNatNotifMappings }
STATUS current
DESCRIPTION
"Basic notifications."
::= { newNatGroups 5 }
newNatGroupAddrMapNotifications NOTIFICATION-GROUP
NOTIFICATIONS { newNatNotifAddrMappings }
STATUS current
DESCRIPTION
"Notifications about address mappings."
::= { newNatGroups 6 }
newNatGroupSubscriberNotifs NOTIFICATION-GROUP
NOTIFICATIONS { newNatNotifSubscriberMappings }
STATUS current
DESCRIPTION
"Notifications about subscribers."
::= { newNatGroups 7 }
-- compliance statements
newNatBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Basic compliance with this MIB is attained when the objects
contained in the mandatory groups are implemented."
MODULE -- this module
MANDATORY-GROUPS { newNatGroupBasicObjects,
newNatGroupBasicNotifications }
::= { newNatCompliance 1 }
newNatAddrMapCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"NATs that have 'Paired IP address pooling' behavior [RFC4787]
and implement the objects in this group can claim this level of
compliance."
MODULE -- this module
MANDATORY-GROUPS { newNatGroupBasicObjects,
newNatGroupBasicNotifications,
newNatGroupAddrMapObjects,
newNatGroupAddrMapNotifications }
::= { newNatCompliance 2 }
newNatFragmentsCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"NATs that have 'Receive Fragments Out of Order' behavior
[RFC4787] and implement the objects in this group can claim
this level of compliance."
MODULE -- this module
MANDATORY-GROUPS { newNatGroupBasicObjects,
newNatGroupBasicNotifications,
newNatGroupFragmentObjects }
::= { newNatCompliance 3 }
newNatCGNCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"NATs that have 'Paired IP address pooling' and 'Receive
Fragments Out of Order' behavior [RFC4787] and implement the
objects in this group can claim this level of compliance.
This level of compliance is to be expected of a CGN compliant
with [I-D.ietf-behave-lsn-requirements]."
MODULE -- this module
MANDATORY-GROUPS { newNatGroupBasicObjects,
newNatGroupBasicNotifications,
newNatGroupAddrMapObjects,
newNatGroupAddrMapNotifications,
newNatGroupFragmentObjects,
newNatGroupSubscriberObjects,
newNatGroupSubscriberNotifs }
::= { newNatCompliance 4 }
END
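Added example, not part of the draft: a small Python model of the per-subscriber accounting objects in newNatSubscribersTableEntry. It shows the Gauge32/Counter64 relationship (active mappings equal creations minus removals), the "zero means unlimited" rule of newNatSubscriberLimitMappings, packets refused for quota reasons being counted in newNatSubscriberCntQuota, and an assumed semantics for newNatSubscriberMapNotifyThresh (the draft defers it to newNatNotifSubscriberMappings, which is not defined on this page). The class and function names are the example's own.

```python
from dataclasses import dataclass, field
from typing import List


@dataclass
class SubscriberRow:
    """One constructed newNatSubscribersTableEntry row as the NAT keeps it."""
    limit_mappings: int = 0     # newNatSubscriberLimitMappings; zero = unlimited
    notify_thresh: int = 0      # newNatSubscriberMapNotifyThresh; zero = off (assumed)
    cnt_map_creations: int = 0  # newNatSubscriberCntMapCreations (Counter64)
    cnt_map_removals: int = 0   # newNatSubscriberCntMapRemovals (Counter64)
    cnt_quota: int = 0          # newNatSubscriberCntQuota (Counter64)
    notifications: List[str] = field(default_factory=list)

    @property
    def cnt_mappings(self) -> int:
        """newNatSubscriberCntMappings (Gauge32): active = creations - removals."""
        return self.cnt_map_creations - self.cnt_map_removals

    def create_mapping(self) -> bool:
        """A packet needs a new mapping; refuse it once the quota is exhausted."""
        if self.limit_mappings and self.cnt_mappings >= self.limit_mappings:
            self.cnt_quota += 1  # packet dropped for quota reasons
            return False
        self.cnt_map_creations += 1
        # Assumed threshold semantics: one newNatNotifSubscriberMappings
        # notification each time the gauge rises to the configured value.
        if self.notify_thresh and self.cnt_mappings == self.notify_thresh:
            self.notifications.append("newNatNotifSubscriberMappings")
        return True

    def remove_mapping(self) -> None:
        """A mapping expired or was torn down; the gauge never goes negative."""
        if self.cnt_mappings > 0:
            self.cnt_map_removals += 1


def run_scenario(limit: int, thresh: int, creates: int, removes: int) -> dict:
    """Drive one subscriber through creates then removes; return the row view."""
    row = SubscriberRow(limit_mappings=limit, notify_thresh=thresh)
    accepted = sum(row.create_mapping() for _ in range(creates))
    for _ in range(removes):
        row.remove_mapping()
    # Invariant a poller can check on any row it reads back over SNMP
    assert row.cnt_mappings == row.cnt_map_creations - row.cnt_map_removals
    return {"accepted": accepted, "mappings": row.cnt_mappings,
            "quota_drops": row.cnt_quota, "notifs": len(row.notifications)}
```

A monitoring side can apply the same invariant to polled rows: a gauge that drifts away from the difference of the two counters indicates an agent bug or a counter wrap not accounted for.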
4. Security Considerations
TBD
5. IANA Considerations
TBD
[RFC4787] Audet, F. and C. Jennings, "Network Address Translation
(NAT) Behavioral Requirements for Unicast UDP", BCP 127,
RFC 4787, January 2007.
6.2. Informative References
[RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
C. Wang, "Definitions of Managed Objects for Network
Address Translators (NAT)", RFC 4008, March 2005.
Appendix A. Change Log (to be removed by RFC Editor prior to
publication)
A.1. Changed in -01
o Added CGN stuff (per-subscriber quotas, counters, notifications).
o Added conformance groups and compliance statements.
o Added mapping table indexed by external 3-tuple.
Authors' Addresses
Simon Perreault
Viagenie
246 Aberdeen
Quebec, QC G1R 2E1
Canada
Phone: +1 418 656 9254
Email: simon.perreault@viagenie.ca