| draft-ietf-behave-nat-mib-03.txt | draft-ietf-behave-nat-mib-04.txt | |||
|---|---|---|---|---|
| Network Working Group S. Perreault | Network Working Group S. Perreault | |||
| Internet-Draft Viagenie | Internet-Draft Viagenie | |||
| Obsoletes: 4008 (if approved) T. Tsou | Obsoletes: 4008 (if approved) T. Tsou | |||
| Intended status: Standards Track Huawei Technologies (USA) | Intended status: Standards Track Huawei Technologies (USA) | |||
| Expires: February 16, 2013 S. Sivakumar | Expires: August 25, 2013 S. Sivakumar | |||
| Cisco Systems | Cisco Systems | |||
| August 15, 2012 | February 21, 2013 | |||
| Additional Managed Objects for Network Address Translators (NAT) | Additional Managed Objects for Network Address Translators (NAT) | |||
| draft-ietf-behave-nat-mib-03 | draft-ietf-behave-nat-mib-04 | |||
| Abstract | Abstract | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for devices implementing Network Address Translator (NAT) function. | for devices implementing Network Address Translator (NAT) function. | |||
| This MIB module may be used for monitoring of a device capable of NAT | This MIB module may be used for monitoring of a device capable of NAT | |||
| function. | function. | |||
| Status of this Memo | Status of this Memo | |||
| skipping to change at page 1, line 36 | skipping to change at page 1, line 36 | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 16, 2013. | This Internet-Draft will expire on August 25, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2013 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| skipping to change at page 2, line 16 | skipping to change at page 2, line 16 | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. The Internet-Standard Management Framework . . . . . . . . . . 3 | 2. The Internet-Standard Management Framework . . . . . . . . . . 3 | |||
| 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Deprecated Features . . . . . . . . . . . . . . . . . . . 3 | 3.1. Deprecated Features . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.2. New Features . . . . . . . . . . . . . . . . . . . . . . . 4 | 3.2. New Features . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3. Realms . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.3. Realms . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 72 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 78 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 73 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 79 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 73 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 79 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . . 73 | 7.1. Normative References . . . . . . . . . . . . . . . . . . . 79 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . . 74 | 7.2. Informative References . . . . . . . . . . . . . . . . . . 80 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 74 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 80 | |||
| 1. Introduction | 1. Introduction | |||
| This memo defines a portion of the Management Information Base (MIB) | This memo defines a portion of the Management Information Base (MIB) | |||
| for devices implementing NAT function. This MIB module may be used | for devices implementing NAT function. This MIB module may be used | |||
| for monitoring of a device capable of NAT function. Using it for | for monitoring of a device capable of NAT function. Using it for | |||
| configuration is deprecated. NAT types and their characteristics are | configuration is deprecated. NAT types and their characteristics are | |||
| defined in [RFC2663]. Traditional NAT function, in particular is | defined in [RFC2663]. Traditional NAT function, in particular is | |||
| defined in [RFC3022]. This MIB does not address the firewall | defined in [RFC3022]. This MIB does not address the firewall | |||
| functions and must not be used for configuring or monitoring these. | functions and must not be used for configuring or monitoring these. | |||
| skipping to change at page 5, line 28 | skipping to change at page 5, line 28 | |||
| address and port. This MIB provides this table with an index to | address and port. This MIB provides this table with an index to | |||
| accomplish this efficiently, without having to iterate over all | accomplish this efficiently, without having to iterate over all | |||
| mappings. | mappings. | |||
| Realms: See Section 3.3. | Realms: See Section 3.3. | |||
| RFC 4787 terminology: Mapping table entries indicate the mapping | RFC 4787 terminology: Mapping table entries indicate the mapping | |||
| behavior, the filtering behavior, and the address pooling behavior | behavior, the filtering behavior, and the address pooling behavior | |||
| that were used to create the mapping. | that were used to create the mapping. | |||
| Subscriber awareness: With the advent of CGN deployment, a set of | ||||
| subscriber specific counters, limits and parameters are added. | ||||
| 3.3. Realms | 3.3. Realms | |||
| Current NAT devices commonly allow the internal and external parts of | Current NAT devices commonly allow the internal and external parts of | |||
| a mapping to come from different realms. The meaning of "realm" is | a mapping to come from different realms. The meaning of "realm" is | |||
| implementation-dependent. On some implementations it can be | implementation-dependent. On some implementations it can be | |||
| equivalent to the name of a VPN Routing and Forwarding table (VRF). | equivalent to the name of a VPN Routing and Forwarding table (VRF). | |||
| On others it is simply the numeric index of a virtual routing table. | On others it is simply the numeric index of a virtual routing table. | |||
| Note that this usage of "realm" is completely different from the one | Note that this usage of "realm" is completely different from the one | |||
| in [RFC4008]. | in [RFC4008]. | |||
| skipping to change at page 45, line 33 | skipping to change at page 45, line 33 | |||
| ::= { natMIBNotifications 4 } | ::= { natMIBNotifications 4 } | |||
| natNotifAddrMappings NOTIFICATION-TYPE | natNotifAddrMappings NOTIFICATION-TYPE | |||
| OBJECTS { natCntAddressMappings } | OBJECTS { natCntAddressMappings } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "This notification is generated when natCntAddressMappings | "This notification is generated when natCntAddressMappings | |||
| exceeds the value of natAddrMapNotifyThreshold." | exceeds the value of natAddrMapNotifyThreshold." | |||
| ::= { natMIBNotifications 5 } | ::= { natMIBNotifications 5 } | |||
| natNotifSubscriberMappings NOTIFICATION-TYPE | ||||
| OBJECTS { natSubscriberCntMappings } | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "This notification is generated when natSubscriberCntMappings | ||||
| exceeds the value of natSubscriberMapNotifyThresh, unless | ||||
| natSubscriberMapNotifyThresh is zero.." | ||||
| ::= { NatNotifications 6 } | ||||
| -- | -- | |||
| -- Conformance information. | -- Conformance information. | |||
| -- | -- | |||
| natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 } | natMIBConformance OBJECT IDENTIFIER ::= { natMIB 2 } | |||
| natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 } | natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 1 } | |||
| natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 } | natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 2 } | |||
| -- | -- | |||
| -- Units of conformance | -- Units of conformance | |||
| -- | -- | |||
| natConfigGroup OBJECT-GROUP | natConfigGroup OBJECT-GROUP | |||
| OBJECTS { natInterfaceRealm, | OBJECTS { natInterfaceRealm, | |||
| natInterfaceServiceType, | natInterfaceServiceType, | |||
| natInterfaceStorageType, | natInterfaceStorageType, | |||
| natInterfaceRowStatus, | natInterfaceRowStatus, | |||
| natAddrMapName, | natAddrMapName, | |||
| skipping to change at page 50, line 15 | skipping to change at page 50, line 26 | |||
| "Basic notifications." | "Basic notifications." | |||
| ::= { natMIBGroups 11 } | ::= { natMIBGroups 11 } | |||
| natGroupAddrMapNotifications NOTIFICATION-GROUP | natGroupAddrMapNotifications NOTIFICATION-GROUP | |||
| NOTIFICATIONS { natNotifAddrMappings } | NOTIFICATIONS { natNotifAddrMappings } | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Notifications about address mappings." | "Notifications about address mappings." | |||
| ::= { natMIBGroups 12 } | ::= { natMIBGroups 12 } | |||
| natGroupSubscriberObjects OBJECT-GROUP | ||||
| OBJECTS { natSubscriberIntPrefixType, | ||||
| natSubscriberIntPrefix, | ||||
| natSubscriberIntPrefixLength, | ||||
| natSubscriberPool, | ||||
| natSubscriberCntTranslates, | ||||
| natSubscriberCntOOP, | ||||
| natSubscriberCntResource, | ||||
| natSubscriberCntStateMismatch, | ||||
| natSubscriberCntQuota, | ||||
| natSubscriberCntMappings, | ||||
| natSubscriberCntMapCreations, | ||||
| natSubscriberCntMapRemovals, | ||||
| natSubscriberLimitMappings, | ||||
| natLimitSubscribers } | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Per-subscriber counters, limits, and thresholds." | ||||
| ::= { natMIBGroups 13 } | ||||
| natGroupSubscriberNotifications NOTIFICATION-GROUP | ||||
| NOTIFICATIONS { natSubscriberMapNotifyThresh } | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Subscriber notifications." | ||||
| ::= { natMIBGroups 14 } | ||||
| -- | -- | |||
| -- Compliance statements | -- Compliance statements | |||
| -- | -- | |||
| natMIBFullCompliance MODULE-COMPLIANCE | natMIBFullCompliance MODULE-COMPLIANCE | |||
| STATUS deprecated | STATUS deprecated | |||
| DESCRIPTION | DESCRIPTION | |||
| "When this MIB is implemented with support for | "When this MIB is implemented with support for | |||
| read-create, then such an implementation can claim | read-create, then such an implementation can claim | |||
| full compliance. Such devices can then be both | full compliance. Such devices can then be both | |||
| skipping to change at page 58, line 37 | skipping to change at page 59, line 27 | |||
| DESCRIPTION | DESCRIPTION | |||
| "NATs that have 'Receive Fragments Out of Order' behavior | "NATs that have 'Receive Fragments Out of Order' behavior | |||
| [RFC4787] and implement the objects in this group can claim | [RFC4787] and implement the objects in this group can claim | |||
| this level of compliance." | this level of compliance." | |||
| MODULE -- this module | MODULE -- this module | |||
| MANDATORY-GROUPS { natGroupBasicObjects, | MANDATORY-GROUPS { natGroupBasicObjects, | |||
| natGroupBasicNotifications, | natGroupBasicNotifications, | |||
| natGroupFragmentObjects } | natGroupFragmentObjects } | |||
| ::= { natMIBCompliances 5 } | ::= { natMIBCompliances 5 } | |||
| natCGNCompliance MODULE-COMPLIANCE | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "NATs that have 'Paired IP address pooling' and 'Receive | ||||
| Fragments Out of Order' behavior [RFC4787] and implement the | ||||
| objects in this group can claim this level of compliance. | ||||
| This level of compliance is to be expected of a CGN compliant | ||||
| with [I-D.ietf-behave-lsn-requiremnents]." | ||||
| MODULE -- this module | ||||
| MANDATORY-GROUPS { natGroupBasicObjects, | ||||
| natGroupBasicNotifications, | ||||
| natGroupAddrMapObjects, | ||||
| natGroupAddrMapNotifications, | ||||
| natGroupFragmentObjects, | ||||
| natGroupSubscriberObjects, | ||||
| natGroupSubscriberNotifications } | ||||
| ::= { natMIBCompliances 6 } | ||||
| -- counters | -- counters | |||
| natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 } | natCounters OBJECT IDENTIFIER ::= { natMIBObjects 11 } | |||
| natCntTranslates OBJECT-TYPE | natCntTranslates OBJECT-TYPE | |||
| SYNTAX Counter64 | SYNTAX Counter64 | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "The number of packets to which NAT has been applied." | "The number of packets to which NAT has been applied." | |||
| skipping to change at page 64, line 23 | skipping to change at page 65, line 31 | |||
| MAX-ACCESS read-write | MAX-ACCESS read-write | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Global limit on the total number of fragments pending | "Global limit on the total number of fragments pending | |||
| reassembly. Zero means unlimited. | reassembly. Zero means unlimited. | |||
| This limit is only applicable to NATs having 'Receive | This limit is only applicable to NATs having 'Receive | |||
| Fragments Out of Order' behavior [RFC4787]." | Fragments Out of Order' behavior [RFC4787]." | |||
| ::= { natLimits 5 } | ::= { natLimits 5 } | |||
| natLimitSubscribers OBJECT-TYPE | ||||
| SYNTAX Unsigned32 | ||||
| MAX-ACCESS read-write | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Global limit on the number of subscribers with active mappings. | ||||
| Zero means unlimited." | ||||
| ::= { natLimits 6 } | ||||
| -- pools | -- pools | |||
| natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 } | natPoolObjects OBJECT IDENTIFIER ::= { natMIBObjects 13 } | |||
| natPoolTable OBJECT-TYPE | natPoolTable OBJECT-TYPE | |||
| SYNTAX SEQUENCE OF NatPoolEntry | SYNTAX SEQUENCE OF NatPoolEntry | |||
| MAX-ACCESS not-accessible | MAX-ACCESS not-accessible | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Table of pools." | "Table of pools." | |||
| skipping to change at page 72, line 33 | skipping to change at page 74, line 5 | |||
| natMappingAddressPooling OBJECT-TYPE | natMappingAddressPooling OBJECT-TYPE | |||
| SYNTAX NatPoolingType | SYNTAX NatPoolingType | |||
| MAX-ACCESS read-only | MAX-ACCESS read-only | |||
| STATUS current | STATUS current | |||
| DESCRIPTION | DESCRIPTION | |||
| "Type of address pooling behavior that was used to create this | "Type of address pooling behavior that was used to create this | |||
| mapping." | mapping." | |||
| ::= { natMappingTableEntry 13 } | ::= { natMappingTableEntry 13 } | |||
| -- subscribers | ||||
| natSubscribers OBJECT IDENTIFIER ::= { NatObjects 5 } | ||||
| natSubscribersTable OBJECT-TYPE | ||||
| SYNTAX SEQUENCE OF natSubscribersTableEntry | ||||
| MAX-ACCESS not-accessible | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Table of CGN subscribers." | ||||
| ::= { natSubscribers 1 } | ||||
| natSubscribersTableEntry OBJECT-TYPE | ||||
| SYNTAX natSubscribersTableEntry | ||||
| MAX-ACCESS not-accessible | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Each entry describes a single CGN subscriber." | ||||
| INDEX { natSubscriberIdentifierType, | ||||
| natSubscriberIdentifier } | ||||
| ::= { natSubscribersTable 1 } | ||||
| natSubscribersTableEntry ::= | ||||
| SEQUENCE { | ||||
| natSubscriberIdentifierType InetAddressType, | ||||
| natSubscriberIdentifier InetAddress, | ||||
| natSubscriberIntPrefixType InetAddressType, | ||||
| natSubscriberIntPrefix InetAddress, | ||||
| natSubscriberIntPrefixLength InetAddressPrefixLength, | ||||
| natSubscriberPool NatPoolIndex, | ||||
| natSubscriberCntTranslates Counter64, | ||||
| natSubscriberCntOOP Counter64, | ||||
| natSubscriberCntResource Counter64, | ||||
| natSubscriberCntStateMismatch Counter64, | ||||
| natSubscriberCntQuota Counter64, | ||||
| natSubscriberCntMappings Gauge32, | ||||
| natSubscriberCntMapCreations Counter64, | ||||
| natSubscriberCntMapRemovals Counter64, | ||||
| natSubscriberLimitMappings Unsigned32, | ||||
| natSubscriberMapNotifyThresh Unsigned32 | ||||
| } | ||||
| natSubscriberIdentifierType OBJECT-TYPE | ||||
| SYNTAX InetAddressType | ||||
| MAX-ACCESS not-accessible | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Address type of the subscriber identifier." | ||||
| ::= { natSubscribersTableEntry 1 } | ||||
| natSubscriberIdentifier OBJECT-TYPE | ||||
| SYNTAX InetAddress (SIZE (4|16)) | ||||
| MAX-ACCESS not-accessible | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Address used for uniquely identifying the subscriber. | ||||
| In traditional NAT, this is the internal address assigned to | ||||
| the CPE. In case an address range is assigned to a subscriber, | ||||
| the first address in the range is used as identifier. For | ||||
| tunnelled connectivity (e.g., DS-Lite [RFC6333]), the outer | ||||
| address is used as identifier (i.e., the IPv6 address in the | ||||
| case of DS-Lite)." | ||||
| ::= { natSubscribersTableEntry 2 } | ||||
| natSubscriberIntPrefixType OBJECT-TYPE | ||||
| SYNTAX InetAddressType | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Subscriber's internal prefix type." | ||||
| ::= { natSubscribersTableEntry 3 } | ||||
| natSubscriberIntPrefix OBJECT-TYPE | ||||
| SYNTAX InetAddress | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Prefix assigned to a subscriber's CPE." | ||||
| ::= { natSubscribersTableEntry 4 } | ||||
| natSubscriberIntPrefixLength OBJECT-TYPE | ||||
| SYNTAX InetAddressPrefixLength | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Length of the prefix assigned to a subscriber's CPE, in bits. | ||||
| In case a single address is assigned, this will be 32 for IPv4 | ||||
| and 128 for IPv6." | ||||
| ::= { natSubscribersTableEntry 5 } | ||||
| natSubscriberPool OBJECT-TYPE | ||||
| SYNTAX NatPoolIndex | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "External address pool to which this subscriber belongs." | ||||
| ::= { natSubscribersTableEntry 6 } | ||||
| natSubscriberCntTranslates OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The number of packets received from or sent to this subscriber | ||||
| and to which NAT has been applied." | ||||
| ::= { natSubscribersTableEntry 7 } | ||||
| natSubscriberCntOOP OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The number of packets received from this subscriber to which | ||||
| NAT could not be applied because no external port was | ||||
| available, excluding quota limitations." | ||||
| ::= { natSubscribersTableEntry 8 } | ||||
| natSubscriberCntResource OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The number of packets received from this subscriber to which | ||||
| NAT could not be applied because of resource constraints | ||||
| (excluding out-of-ports condition)." | ||||
| ::= { natSubscribersTableEntry 9 } | ||||
| natSubscriberCntStateMismatch OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The number of packets received from or destined to this | ||||
| subscriber to which NAT could not be applied because of mapping | ||||
| state mismatch. For example, a TCP packet that matches an | ||||
| existing mapping but is dropped because its flags are | ||||
| incompatible with the current state of the mapping would cause | ||||
| this counter to be incremented." | ||||
| ::= { natSubscribersTableEntry 10 } | ||||
| natSubscriberCntQuota OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "The number of packets received from or destined to this | ||||
| subscriber to which NAT could not be applied because of quota | ||||
| limitations. Quotas include absolute limits as well as limits | ||||
| on the rate of allocation." | ||||
| ::= { natSubscribersTableEntry 11 } | ||||
| natSubscriberCntMappings OBJECT-TYPE | ||||
| SYNTAX Gauge32 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Number of currently active mappings created by or for this | ||||
| subscriber. | ||||
| Equal to natSubscriberCntMapRemovals - | ||||
| natSubscriberCntMapCreations." | ||||
| ::= { natSubscribersTableEntry 12 } | ||||
| natSubscriberCntMapCreations OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Number of mappings created by or for this subscriber." | ||||
| ::= { natSubscribersTableEntry 13 } | ||||
| natSubscriberCntMapRemovals OBJECT-TYPE | ||||
| SYNTAX Counter64 | ||||
| MAX-ACCESS read-only | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Number of mappings removed by or for this subscriber." | ||||
| ::= { natSubscribersTableEntry 14 } | ||||
| natSubscriberLimitMappings OBJECT-TYPE | ||||
| SYNTAX Unsigned32 | ||||
| MAX-ACCESS read-write | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "Limit on the number of active mappings created by or for this | ||||
| subscriber. Zero means unlimited." | ||||
| ::= { natSubscribersTableEntry 15 } | ||||
| natSubscriberMapNotifyThresh OBJECT-TYPE | ||||
| SYNTAX Unsigned32 | ||||
| MAX-ACCESS read-write | ||||
| STATUS current | ||||
| DESCRIPTION | ||||
| "See NatNotifSubscriberMappings." | ||||
| ::= { natSubscribersTableEntry 16 } | ||||
| END | END | |||
| 5. Security Considerations | 5. Security Considerations | |||
| Unauthorized access to the write-able objects could cause a denial of | Unauthorized access to the write-able objects could cause a denial of | |||
| service and/or widespread network disturbance. Hence, the support | service and/or widespread network disturbance. Hence, the support | |||
| for SET operations in a non-secure environment without proper | for SET operations in a non-secure environment without proper | |||
| protection can have a negative effect on network operations. | protection can have a negative effect on network operations. | |||
| At this writing, no security holes have been identified beyond those | At this writing, no security holes have been identified beyond those | |||
| End of changes. 13 change blocks. | ||||
| 12 lines changed or deleted | 277 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||