draft-ietf-ipv6-inet-tunnel-mib-02.txt   draft-ietf-ipv6-inet-tunnel-mib-03.txt 
Network Working Group D. Thaler Network Working Group D. Thaler
INTERNET-DRAFT Microsoft INTERNET-DRAFT Microsoft
Expires February 2005 August 2004 Expires April 2005 October 2004
IP Tunnel MIB IP Tunnel MIB
<draft-ietf-ipv6-inet-tunnel-mib-02.txt> <draft-ietf-ipv6-inet-tunnel-mib-03.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, I certify that any applicable
patent or other IPR claims of which I am aware have been patent or other IPR claims of which I am aware have been
disclosed, or will be disclosed, and any of which I become aware disclosed, or will be disclosed, and any of which I become aware
will be disclosed, in accordance with RFC 3668. will be disclosed, in accordance with RFC 3668.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 2, line 5 skipping to change at page 2, line 5
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
Abstract Abstract
This memo defines a Management Information Base (MIB) module for This memo defines a Management Information Base (MIB) module for
use with network management protocols in the Internet community. use with network management protocols in the Internet community.
In particular, it describes managed objects used for managing In particular, it describes managed objects used for managing
tunnels of any type over IPv4 and IPv6 networks. Extension MIB tunnels of any type over IPv4 and IPv6 networks. Extension MIB
modules may be designed for managing protocol-specific objects. modules may be designed for managing protocol-specific objects.
Likewise, extension MIB modules may be designed for managing Likewise, extension MIB modules may be designed for managing
security-specific objects. This MIB module does not support security-specific objects. This MIB module does not support
skipping to change at page 2, line 35 skipping to change at page 2, line 35
early discussion of the model and examples). This document early discussion of the model and examples). This document
describes a Management Information Base (MIB) module used for describes a Management Information Base (MIB) module used for
managing tunnels of any type over IPv4 and IPv6 networks, managing tunnels of any type over IPv4 and IPv6 networks,
including GRE [RFC1701,RFC1702], IP-in-IP [RFC2003], Minimal including GRE [RFC1701,RFC1702], IP-in-IP [RFC2003], Minimal
Encapsulation [RFC2004], L2TP [RFC2661], PPTP [RFC2637], L2F Encapsulation [RFC2004], L2TP [RFC2661], PPTP [RFC2637], L2F
[RFC2341], UDP (e.g., [RFC1234]), ATMP [RFC2107], and IPv6-in-IPv4 [RFC2341], UDP (e.g., [RFC1234]), ATMP [RFC2107], and IPv6-in-IPv4
[RFC2893] tunnels, among others. [RFC2893] tunnels, among others.
Extension MIB modules may be designed for managing protocol- Extension MIB modules may be designed for managing protocol-
specific objects. Likewise, extension MIB modules may be designed specific objects. Likewise, extension MIB modules may be designed
for managing security-specific objects (e.g., IPSEC [RFC2401]), for managing security-specific objects (e.g., IPsec [RFC2401]),
and traffic conditioner [RFC2474] objects. and traffic conditioner [RFC2474] objects.
2. The Internet-Standard Management Framework 2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 Internet-Standard Management Framework, please refer to section 7
of RFC 3410 [RFC3410]. of RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, Managed objects are accessed via a virtual information store,
termed the Management Information Base or MIB. MIB objects are termed the Management Information Base or MIB. MIB objects are
generally accessed through the Simple Network Management Protocol generally accessed through the Simple Network Management Protocol
(SNMP). Objects in the MIB are defined using the mechanisms (SNMP). Objects in the MIB are defined using the mechanisms
defined in the Structure of Management Information (SMI). This defined in the Structure of Management Information (SMI). This
memo specifies a MIB module that is compliant to the SMIv2, which memo specifies a MIB module that is compliant to the SMIv2, which
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579
[RFC2579] and STD 58, RFC 2580 [RFC2580]. [RFC2579] and STD 58, RFC 2580 [RFC2580].
3. Overview 3. Overview
This MIB module contains two current tables and one deprecated This MIB module contains two current tables and one deprecated
table. The current tables are: table. The current tables are:
o the Tunnel Interface Table, containing information on the o the Tunnel Interface Table, containing information on the
skipping to change at page 4, line 5 skipping to change at page 4, line 5
correlated, using the ifStack table of the Interfaces MIB, to correlated, using the ifStack table of the Interfaces MIB, to
those interfaces on which the local IPv4 or IPv6 addresses of the those interfaces on which the local IPv4 or IPv6 addresses of the
tunnels are configured. The basic model, therefore, looks tunnels are configured. The basic model, therefore, looks
something like this (for example): something like this (for example):
| | | | | | | | | | | |
+--+ +---+ +--+ +---+ | | +--+ +---+ +--+ +---+ | |
|IP-in-IP| | GRE | | | |IP-in-IP| | GRE | | |
| tunnel | | tunnel | | | | tunnel | | tunnel | | |
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
+--+ +---+ +--+ +---+ | | +--+ +---+ +--+ +---+ | |
| | | | | | <== attachment to underlying | | | | | | <== attachment to underlying
+--+ +---------+ +----------+ +--+ interfaces, to be provided +--+ +---------+ +----------+ +--+ interfaces, to be provided
| Physical interface | by ifStack table | Physical interface | by ifStack table
+--------------------------------+ +--------------------------------+
3.1.2. ifRcvAddressTable 3.1.2. ifRcvAddressTable
The ifRcvAddressTable usage can be defined in the MIB modules The ifRcvAddressTable usage can be defined in the MIB modules
skipping to change at page 5, line 5 skipping to change at page 5, line 5
important design decision. Traditionally, ifIndex values are important design decision. Traditionally, ifIndex values are
chosen by agents, and are permitted to change across restarts. chosen by agents, and are permitted to change across restarts.
Allowing row creation directly in the Tunnel Interface Table, Allowing row creation directly in the Tunnel Interface Table,
indexed by ifIndex, would complicate row creation and/or cause indexed by ifIndex, would complicate row creation and/or cause
interoperability problems (if each agent had special restrictions interoperability problems (if each agent had special restrictions
on ifIndex). Instead, a separate table is used which is indexed on ifIndex). Instead, a separate table is used which is indexed
only by objects over which the manager has control. Namely, these only by objects over which the manager has control. Namely, these
are the addresses of the tunnel endpoints and the encapsulation are the addresses of the tunnel endpoints and the encapsulation
protocol. Finally, an additional manager- chosen ID is used in protocol. Finally, an additional manager- chosen ID is used in
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
the index to support protocols such as L2F which allow multiple the index to support protocols such as L2F which allow multiple
tunnels between the same endpoints. tunnels between the same endpoints.
4. Definitions 4. Definitions
TUNNEL-MIB DEFINITIONS ::= BEGIN TUNNEL-MIB DEFINITIONS ::= BEGIN
IMPORTS IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, transmission, MODULE-IDENTITY, OBJECT-TYPE, transmission,
skipping to change at page 5, line 34 skipping to change at page 5, line 34
InetAddress FROM INET-ADDRESS-MIB -- [RFC3291] InetAddress FROM INET-ADDRESS-MIB -- [RFC3291]
IPv6FlowLabelOrAny FROM IPV6-FLOW-LABEL-MIB -- [RFC3595] IPv6FlowLabelOrAny FROM IPV6-FLOW-LABEL-MIB -- [RFC3595]
ifIndex, ifIndex,
InterfaceIndexOrZero FROM IF-MIB -- [RFC2863] InterfaceIndexOrZero FROM IF-MIB -- [RFC2863]
IANAtunnelType FROM IANAifType-MIB; -- [IFTYPE] IANAtunnelType FROM IANAifType-MIB; -- [IFTYPE]
tunnelMIB MODULE-IDENTITY tunnelMIB MODULE-IDENTITY
LAST-UPDATED "200408031200Z" -- August 3, 2004 LAST-UPDATED "200410161200Z" -- October 16, 2004
ORGANIZATION "IETF IP Version 6 (IPv6) Working Group" ORGANIZATION "IETF IP Version 6 (IPv6) Working Group"
CONTACT-INFO CONTACT-INFO
" Dave Thaler " Dave Thaler
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA 98052-6399
EMail: dthaler@microsoft.com" EMail: dthaler@microsoft.com"
DESCRIPTION DESCRIPTION
"The MIB module for management of IP Tunnels, "The MIB module for management of IP Tunnels,
independent of the specific encapsulation scheme in independent of the specific encapsulation scheme in
use. use.
Copyright (C) The Internet Society (date). This Copyright (C) The Internet Society (date). This
version of this MIB module is part of RFC yyyy; see version of this MIB module is part of RFC yyyy; see
the RFC itself for full legal notices." the RFC itself for full legal notices."
-- RFC Ed.: replace yyyy with actual RFC number & remove this note -- RFC Ed.: replace yyyy with actual RFC number & remove this note
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
REVISION "200408031200Z" -- August 3, 2004 REVISION "200410161200Z" -- October 16, 2004
DESCRIPTION DESCRIPTION
"IPv4-specific objects were deprecated, including "IPv4-specific objects were deprecated, including
tunnelIfLocalAddress, tunnelIfRemoteAddress, the tunnelIfLocalAddress, tunnelIfRemoteAddress, the
tunnelConfigTable, and the tunnelMIBBasicGroup. tunnelConfigTable, and the tunnelMIBBasicGroup.
Added IP version-agnostic objects that should be used Added IP version-agnostic objects that should be used
instead, including tunnelIfAddressType, instead, including tunnelIfAddressType,
tunnelIfLocalInetAddress, tunnelIfRemoteInetAddress, tunnelIfLocalInetAddress, tunnelIfRemoteInetAddress,
the tunnelInetConfigTable, and the the tunnelInetConfigTable, and the
tunnelIMIBInetGroup. tunnelIMIBInetGroup.
skipping to change at page 7, line 5 skipping to change at page 7, line 5
-- the IP Tunnel MIB-Group -- the IP Tunnel MIB-Group
-- --
-- a collection of objects providing information about -- a collection of objects providing information about
-- IP Tunnels -- IP Tunnels
tunnelIfTable OBJECT-TYPE tunnelIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelIfEntry SYNTAX SEQUENCE OF TunnelIfEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table containing information on "The (conceptual) table containing information on
configured tunnels." configured tunnels."
::= { tunnel 1 } ::= { tunnel 1 }
tunnelIfEntry OBJECT-TYPE tunnelIfEntry OBJECT-TYPE
SYNTAX TunnelIfEntry SYNTAX TunnelIfEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
skipping to change at page 7, line 33 skipping to change at page 7, line 33
TunnelIfEntry ::= SEQUENCE { TunnelIfEntry ::= SEQUENCE {
tunnelIfLocalAddress IpAddress, -- deprecated tunnelIfLocalAddress IpAddress, -- deprecated
tunnelIfRemoteAddress IpAddress, -- deprecated tunnelIfRemoteAddress IpAddress, -- deprecated
tunnelIfEncapsMethod IANAtunnelType, tunnelIfEncapsMethod IANAtunnelType,
tunnelIfHopLimit Integer32, tunnelIfHopLimit Integer32,
tunnelIfSecurity INTEGER, tunnelIfSecurity INTEGER,
tunnelIfTOS Integer32, tunnelIfTOS Integer32,
tunnelIfFlowLabel IPv6FlowLabelOrAny, tunnelIfFlowLabel IPv6FlowLabelOrAny,
tunnelIfAddressType InetAddressType, tunnelIfAddressType InetAddressType,
tunnelIfLocalInetAddress InetAddress, tunnelIfLocalInetAddress InetAddress,
tunnelIfRemoteInetAddress InetAddress tunnelIfRemoteInetAddress InetAddress,
tunnelIfEncapsLimit Integer32
} }
tunnelIfLocalAddress OBJECT-TYPE tunnelIfLocalAddress OBJECT-TYPE
SYNTAX IpAddress SYNTAX IpAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The address of the local endpoint of the tunnel "The address of the local endpoint of the tunnel
(i.e., the source address used in the outer IP (i.e., the source address used in the outer IP
header), or 0.0.0.0 if unknown or if the tunnel is header), or 0.0.0.0 if unknown or if the tunnel is
over IPv6. over IPv6.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
deprecated in favor of tunnelIfLocalInetAddress." deprecated in favor of tunnelIfLocalInetAddress."
::= { tunnelIfEntry 1 } ::= { tunnelIfEntry 1 }
tunnelIfRemoteAddress OBJECT-TYPE tunnelIfRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
SYNTAX IpAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The address of the remote endpoint of the tunnel "The address of the remote endpoint of the tunnel
(i.e., the destination address used in the outer IP (i.e., the destination address used in the outer IP
header), or 0.0.0.0 if unknown, or an IPv6 address, or header), or 0.0.0.0 if unknown, or an IPv6 address, or
the tunnel is not a point-to-point link (e.g., if it the tunnel is not a point-to-point link (e.g., if it
is a 6to4 tunnel). is a 6to4 tunnel).
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
skipping to change at page 8, line 41 skipping to change at page 8, line 42
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The IPv4 TTL or IPv6 Hop Limit to use in the outer IP "The IPv4 TTL or IPv6 Hop Limit to use in the outer IP
header. A value of 0 indicates that the value is header. A value of 0 indicates that the value is
copied from the payload's header." copied from the payload's header."
::= { tunnelIfEntry 4 } ::= { tunnelIfEntry 4 }
tunnelIfSecurity OBJECT-TYPE tunnelIfSecurity OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
none(1), -- no security none(1), -- no security
ipsec(2), -- IPSEC security ipsec(2), -- IPsec security
other(3) other(3)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The method used by the tunnel to secure the outer IP "The method used by the tunnel to secure the outer IP
header. The value ipsec indicates that IPsec is used header. The value ipsec indicates that IPsec is used
between the tunnel endpoints for authentication or between the tunnel endpoints for authentication or
encryption or both. More specific security-related encryption or both. More specific security-related
information may be available in a MIB module for the
Draft Inet Tunnel MIB August 2004 Draft Inet Tunnel MIB October 2004
information may be available in a MIB module for the
security protocol in use." security protocol in use."
::= { tunnelIfEntry 5 } ::= { tunnelIfEntry 5 }
tunnelIfTOS OBJECT-TYPE tunnelIfTOS OBJECT-TYPE
SYNTAX Integer32 (-2..63) SYNTAX Integer32 (-2..63)
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The method used to set the high 6 bits (the "The method used to set the high 6 bits (the
differentiated services codepoint) of the IPv4 TOS or differentiated services codepoint) of the IPv4 TOS or
IPv6 Traffic Class in the outer IP header. A value of IPv6 Traffic Class in the outer IP header. A value of
-1 indicates that the bits are copied from the -1 indicates that the bits are copied from the
payload's header. A value of -2 indicates that a payload's header. A value of -2 indicates that a
traffic conditioner is invoked and more information traffic conditioner is invoked and more information
may be available in a traffic conditioner MIB module. may be available in a traffic conditioner MIB module.
A value between 0 and 63 inclusive indicates that the A value between 0 and 63 inclusive indicates that the
bit field is set to the indicated value." bit field is set to the indicated value.
Note: instead of the name tunnelIfTOS, a better name
would have been tunnelIfDSCPMethod, but the existing
name appeared in RFC 2776 and existing objects cannot
be renamed."
::= { tunnelIfEntry 6 } ::= { tunnelIfEntry 6 }
tunnelIfFlowLabel OBJECT-TYPE tunnelIfFlowLabel OBJECT-TYPE
SYNTAX IPv6FlowLabelOrAny SYNTAX IPv6FlowLabelOrAny
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The method used to set the IPv6 Flow Label value. "The method used to set the IPv6 Flow Label value.
This object need not be present in rows where This object need not be present in rows where
tunnelIfAddressType indicates the tunnel is not over tunnelIfAddressType indicates the tunnel is not over
skipping to change at page 9, line 46 skipping to change at page 10, line 4
available in a traffic conditioner MIB. Any other available in a traffic conditioner MIB. Any other
value indicates that the Flow Label field is set to value indicates that the Flow Label field is set to
the indicated value." the indicated value."
::= { tunnelIfEntry 7 } ::= { tunnelIfEntry 7 }
tunnelIfAddressType OBJECT-TYPE tunnelIfAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
Draft Inet Tunnel MIB October 2004
"The type of address in the corresponding "The type of address in the corresponding
tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress
objects." objects."
::= { tunnelIfEntry 8 } ::= { tunnelIfEntry 8 }
tunnelIfLocalInetAddress OBJECT-TYPE tunnelIfLocalInetAddress OBJECT-TYPE
Draft Inet Tunnel MIB August 2004
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address of the local endpoint of the tunnel "The address of the local endpoint of the tunnel
(i.e., the source address used in the outer IP (i.e., the source address used in the outer IP
header). If the address is unknown, the value is header). If the address is unknown, the value is
0.0.0.0 for IPv4 or :: for IPv6. The type of this 0.0.0.0 for IPv4 or :: for IPv6. The type of this
object is given by tunnelIfAddressType." object is given by tunnelIfAddressType."
::= { tunnelIfEntry 9 } ::= { tunnelIfEntry 9 }
skipping to change at page 10, line 32 skipping to change at page 10, line 38
DESCRIPTION DESCRIPTION
"The address of the remote endpoint of the tunnel "The address of the remote endpoint of the tunnel
(i.e., the destination address used in the outer IP (i.e., the destination address used in the outer IP
header). If the address is unknown or the tunnel is header). If the address is unknown or the tunnel is
not a point-to-point link (e.g., if it is a 6to4 not a point-to-point link (e.g., if it is a 6to4
tunnel), the value is 0.0.0.0 for tunnels over IPv4 or tunnel), the value is 0.0.0.0 for tunnels over IPv4 or
:: for tunnels over IPv6. The type of this object is :: for tunnels over IPv6. The type of this object is
given by tunnelIfAddressType." given by tunnelIfAddressType."
::= { tunnelIfEntry 10 } ::= { tunnelIfEntry 10 }
tunnelIfEncapsLimit OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum number of additional encapsulations
permitted for packets undergoing encapsulation at this
node. A value of -1 indicates that no limit is
present (except as a result of the packet size)."
REFERENCE "RFC 2473, section 4.1.1"
::= { tunnelIfEntry 11 }
tunnelConfigTable OBJECT-TYPE tunnelConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelConfigEntry SYNTAX SEQUENCE OF TunnelConfigEntry
Draft Inet Tunnel MIB October 2004
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The (conceptual) table containing information on "The (conceptual) table containing information on
configured tunnels. This table can be used to map a configured tunnels. This table can be used to map a
set of tunnel endpoints to the associated ifIndex set of tunnel endpoints to the associated ifIndex
value. It can also be used for row creation. Note value. It can also be used for row creation. Note
that every row in the tunnelIfTable with a fixed IPv4 that every row in the tunnelIfTable with a fixed IPv4
destination address should have a corresponding row in destination address should have a corresponding row in
the tunnelConfigTable, regardless of whether it was the tunnelConfigTable, regardless of whether it was
created via SNMP. created via SNMP.
Since this table does not support IPv6, it is Since this table does not support IPv6, it is
deprecated in favor of tunnelInetConfigTable." deprecated in favor of tunnelInetConfigTable."
::= { tunnel 2 } ::= { tunnel 2 }
tunnelConfigEntry OBJECT-TYPE tunnelConfigEntry OBJECT-TYPE
SYNTAX TunnelConfigEntry SYNTAX TunnelConfigEntry
Draft Inet Tunnel MIB August 2004
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"An entry (conceptual row) containing the information "An entry (conceptual row) containing the information
on a particular configured tunnel. on a particular configured tunnel.
Since this entry does not support IPv6, it is Since this entry does not support IPv6, it is
deprecated in favor of tunnelInetConfigEntry." deprecated in favor of tunnelInetConfigEntry."
INDEX { tunnelConfigLocalAddress, INDEX { tunnelConfigLocalAddress,
tunnelConfigRemoteAddress, tunnelConfigRemoteAddress,
skipping to change at page 11, line 34 skipping to change at page 12, line 4
tunnelConfigEncapsMethod IANAtunnelType, tunnelConfigEncapsMethod IANAtunnelType,
tunnelConfigID Integer32, tunnelConfigID Integer32,
tunnelConfigIfIndex InterfaceIndexOrZero, tunnelConfigIfIndex InterfaceIndexOrZero,
tunnelConfigStatus RowStatus tunnelConfigStatus RowStatus
} }
tunnelConfigLocalAddress OBJECT-TYPE tunnelConfigLocalAddress OBJECT-TYPE
SYNTAX IpAddress SYNTAX IpAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
Draft Inet Tunnel MIB October 2004
DESCRIPTION DESCRIPTION
"The address of the local endpoint of the tunnel, or "The address of the local endpoint of the tunnel, or
0.0.0.0 if the device is free to choose any of its 0.0.0.0 if the device is free to choose any of its
addresses at tunnel establishment time. addresses at tunnel establishment time.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigLocalAddress." deprecated in favor of tunnelInetConfigLocalAddress."
::= { tunnelConfigEntry 1 } ::= { tunnelConfigEntry 1 }
tunnelConfigRemoteAddress OBJECT-TYPE tunnelConfigRemoteAddress OBJECT-TYPE
SYNTAX IpAddress SYNTAX IpAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The address of the remote endpoint of the tunnel. "The address of the remote endpoint of the tunnel.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigRemoteAddress." deprecated in favor of tunnelInetConfigRemoteAddress."
Draft Inet Tunnel MIB August 2004
::= { tunnelConfigEntry 2 } ::= { tunnelConfigEntry 2 }
tunnelConfigEncapsMethod OBJECT-TYPE tunnelConfigEncapsMethod OBJECT-TYPE
SYNTAX IANAtunnelType SYNTAX IANAtunnelType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The encapsulation method used by the tunnel. "The encapsulation method used by the tunnel.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
skipping to change at page 12, line 34 skipping to change at page 13, line 4
DESCRIPTION DESCRIPTION
"An identifier used to distinguish between multiple "An identifier used to distinguish between multiple
tunnels of the same encapsulation method, with the tunnels of the same encapsulation method, with the
same endpoints. If the encapsulation protocol only same endpoints. If the encapsulation protocol only
allows one tunnel per set of endpoint addresses (such allows one tunnel per set of endpoint addresses (such
as for GRE or IP-in-IP), the value of this object is as for GRE or IP-in-IP), the value of this object is
1. For encapsulation methods (such as L2F) which 1. For encapsulation methods (such as L2F) which
allow multiple parallel tunnels, the manager is allow multiple parallel tunnels, the manager is
responsible for choosing any ID which does not responsible for choosing any ID which does not
conflict with an existing row, such as choosing a conflict with an existing row, such as choosing a
Draft Inet Tunnel MIB October 2004
random number. random number.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigID." deprecated in favor of tunnelInetConfigID."
::= { tunnelConfigEntry 4 } ::= { tunnelConfigEntry 4 }
tunnelConfigIfIndex OBJECT-TYPE tunnelConfigIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"If the value of tunnelConfigStatus for this row is "If the value of tunnelConfigStatus for this row is
active, then this object contains the value of ifIndex active, then this object contains the value of ifIndex
corresponding to the tunnel interface. A value of 0 corresponding to the tunnel interface. A value of 0
is not legal in the active state, and means that the is not legal in the active state, and means that the
interface index has not yet been assigned. interface index has not yet been assigned.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
Draft Inet Tunnel MIB August 2004
deprecated in favor of tunnelInetConfigIfIndex." deprecated in favor of tunnelInetConfigIfIndex."
::= { tunnelConfigEntry 5 } ::= { tunnelConfigEntry 5 }
tunnelConfigStatus OBJECT-TYPE tunnelConfigStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The status of this row, by which new entries may be "The status of this row, by which new entries may be
created, or old entries deleted from this table. The created, or old entries deleted from this table. The
skipping to change at page 13, line 34 skipping to change at page 14, line 4
To create a row in this table for an encapsulation To create a row in this table for an encapsulation
method which does not support multiple parallel method which does not support multiple parallel
tunnels with the same endpoints, the management tunnels with the same endpoints, the management
station should simply use a tunnelConfigID of 1, and station should simply use a tunnelConfigID of 1, and
set tunnelConfigStatus to createAndGo. For set tunnelConfigStatus to createAndGo. For
encapsulation methods such as L2F which allow multiple encapsulation methods such as L2F which allow multiple
parallel tunnels, the management station may select a parallel tunnels, the management station may select a
pseudo-random number to use as the tunnelConfigID and pseudo-random number to use as the tunnelConfigID and
set tunnelConfigStatus to createAndGo. In the event set tunnelConfigStatus to createAndGo. In the event
that this ID is already in use and an that this ID is already in use and an
Draft Inet Tunnel MIB October 2004
inconsistentValue is returned in response to the set inconsistentValue is returned in response to the set
operation, the management station should simply select operation, the management station should simply select
a new pseudo-random number and retry the operation. a new pseudo-random number and retry the operation.
Creating a row in this table will cause an interface Creating a row in this table will cause an interface
index to be assigned by the agent in an index to be assigned by the agent in an
implementation-dependent manner, and corresponding implementation-dependent manner, and corresponding
rows will be instantiated in the ifTable and the rows will be instantiated in the ifTable and the
tunnelIfTable. The status of this row will become tunnelIfTable. The status of this row will become
active as soon as the agent assigns the interface active as soon as the agent assigns the interface
index, regardless of whether the interface is index, regardless of whether the interface is
operationally up. operationally up.
Deleting a row in this table will likewise delete the Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the corresponding row in the ifTable and in the
tunnelIfTable. tunnelIfTable.
Since this object does not support IPv6, it is Since this object does not support IPv6, it is
Draft Inet Tunnel MIB August 2004
deprecated in favor of tunnelInetConfigStatus." deprecated in favor of tunnelInetConfigStatus."
::= { tunnelConfigEntry 6 } ::= { tunnelConfigEntry 6 }
tunnelInetConfigTable OBJECT-TYPE tunnelInetConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelInetConfigEntry SYNTAX SEQUENCE OF TunnelInetConfigEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The (conceptual) table containing information on "The (conceptual) table containing information on
configured tunnels. This table can be used to map a configured tunnels. This table can be used to map a
skipping to change at page 14, line 34 skipping to change at page 15, line 4
tunnelInetConfigEntry OBJECT-TYPE tunnelInetConfigEntry OBJECT-TYPE
SYNTAX TunnelInetConfigEntry SYNTAX TunnelInetConfigEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An entry (conceptual row) containing the information "An entry (conceptual row) containing the information
on a particular configured tunnel. Note that there is on a particular configured tunnel. Note that there is
a 128 subid maximum for object OIDs. Implementers a 128 subid maximum for object OIDs. Implementers
need to be aware that if the total number of octets in need to be aware that if the total number of octets in
Draft Inet Tunnel MIB October 2004
tunnelInetConfigLocalAddress and tunnelInetConfigLocalAddress and
tunnelInetConfigRemoteAddress exceeds 110 then OIDs of tunnelInetConfigRemoteAddress exceeds 110 then OIDs of
column instances in this table will have more than 128 column instances in this table will have more than 128
sub-identifiers and cannot be accessed using SNMPv1, sub-identifiers and cannot be accessed using SNMPv1,
SNMPv2c, or SNMPv3. In practice this is not expected SNMPv2c, or SNMPv3. In practice this is not expected
to be a problem since IPv4 and IPv6 addresses will not to be a problem since IPv4 and IPv6 addresses will not
cause the limit to be reached, but if other types are cause the limit to be reached, but if other types are
supported by an agent, care must be taken to ensure supported by an agent, care must be taken to ensure
that the sum of the lengths do not cause the limit to that the sum of the lengths do not cause the limit to
be exceeded." be exceeded."
INDEX { tunnelInetConfigAddressType, INDEX { tunnelInetConfigAddressType,
tunnelInetConfigLocalAddress, tunnelInetConfigLocalAddress,
tunnelInetConfigRemoteAddress, tunnelInetConfigRemoteAddress,
tunnelInetConfigEncapsMethod, tunnelInetConfigEncapsMethod,
tunnelInetConfigID } tunnelInetConfigID }
::= { tunnelInetConfigTable 1 } ::= { tunnelInetConfigTable 1 }
TunnelInetConfigEntry ::= SEQUENCE { TunnelInetConfigEntry ::= SEQUENCE {
Draft Inet Tunnel MIB August 2004
tunnelInetConfigAddressType InetAddressType, tunnelInetConfigAddressType InetAddressType,
tunnelInetConfigLocalAddress InetAddress, tunnelInetConfigLocalAddress InetAddress,
tunnelInetConfigRemoteAddress InetAddress, tunnelInetConfigRemoteAddress InetAddress,
tunnelInetConfigEncapsMethod IANAtunnelType, tunnelInetConfigEncapsMethod IANAtunnelType,
tunnelInetConfigID Integer32, tunnelInetConfigID Integer32,
tunnelInetConfigIfIndex InterfaceIndexOrZero, tunnelInetConfigIfIndex InterfaceIndexOrZero,
tunnelInetConfigStatus RowStatus, tunnelInetConfigStatus RowStatus,
tunnelInetConfigStorageType StorageType tunnelInetConfigStorageType StorageType
} }
skipping to change at page 15, line 34 skipping to change at page 16, line 4
::= { tunnelInetConfigEntry 1 } ::= { tunnelInetConfigEntry 1 }
tunnelInetConfigLocalAddress OBJECT-TYPE tunnelInetConfigLocalAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address of the local endpoint of the tunnel, or "The address of the local endpoint of the tunnel, or
0.0.0.0 (for IPv4) or :: (for IPv6) if the device is 0.0.0.0 (for IPv4) or :: (for IPv6) if the device is
free to choose any of its addresses at tunnel free to choose any of its addresses at tunnel
Draft Inet Tunnel MIB October 2004
establishment time." establishment time."
::= { tunnelInetConfigEntry 2 } ::= { tunnelInetConfigEntry 2 }
tunnelInetConfigRemoteAddress OBJECT-TYPE tunnelInetConfigRemoteAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The address of the remote endpoint of the tunnel." "The address of the remote endpoint of the tunnel."
::= { tunnelInetConfigEntry 3 } ::= { tunnelInetConfigEntry 3 }
tunnelInetConfigEncapsMethod OBJECT-TYPE tunnelInetConfigEncapsMethod OBJECT-TYPE
SYNTAX IANAtunnelType SYNTAX IANAtunnelType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The encapsulation method used by the tunnel." "The encapsulation method used by the tunnel."
::= { tunnelInetConfigEntry 4 } ::= { tunnelInetConfigEntry 4 }
Draft Inet Tunnel MIB August 2004
tunnelInetConfigID OBJECT-TYPE tunnelInetConfigID OBJECT-TYPE
SYNTAX Integer32 (1..2147483647) SYNTAX Integer32 (1..2147483647)
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"An identifier used to distinguish between multiple "An identifier used to distinguish between multiple
tunnels of the same encapsulation method, with the tunnels of the same encapsulation method, with the
same endpoints. If the encapsulation protocol only same endpoints. If the encapsulation protocol only
allows one tunnel per set of endpoint addresses (such allows one tunnel per set of endpoint addresses (such
as for GRE or IP-in-IP), the value of this object is as for GRE or IP-in-IP), the value of this object is
skipping to change at page 16, line 33 skipping to change at page 17, line 4
tunnelInetConfigIfIndex OBJECT-TYPE tunnelInetConfigIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"If the value of tunnelInetConfigStatus for this row "If the value of tunnelInetConfigStatus for this row
is active, then this object contains the value of is active, then this object contains the value of
ifIndex corresponding to the tunnel interface. A ifIndex corresponding to the tunnel interface. A
value of 0 is not legal in the active state, and means value of 0 is not legal in the active state, and means
Draft Inet Tunnel MIB October 2004
that the interface index has not yet been assigned." that the interface index has not yet been assigned."
::= { tunnelInetConfigEntry 6 } ::= { tunnelInetConfigEntry 6 }
tunnelInetConfigStatus OBJECT-TYPE tunnelInetConfigStatus OBJECT-TYPE
SYNTAX RowStatus SYNTAX RowStatus
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The status of this row, by which new entries may be "The status of this row, by which new entries may be
created, or old entries deleted from this table. The created, or old entries deleted from this table. The
agent need not support setting this object to agent need not support setting this object to
createAndWait or notInService since there are no other createAndWait or notInService since there are no other
writable objects in this table, and writable objects writable objects in this table, and writable objects
in rows of corresponding tables such as the in rows of corresponding tables such as the
tunnelIfTable may be modified while this row is tunnelIfTable may be modified while this row is
active. active.
To create a row in this table for an encapsulation To create a row in this table for an encapsulation
method which does not support multiple parallel method which does not support multiple parallel
Draft Inet Tunnel MIB August 2004
tunnels with the same endpoints, the management tunnels with the same endpoints, the management
station should simply use a tunnelInetConfigID of 1, station should simply use a tunnelInetConfigID of 1,
and set tunnelInetConfigStatus to createAndGo. For and set tunnelInetConfigStatus to createAndGo. For
encapsulation methods such as L2F which allow multiple encapsulation methods such as L2F which allow multiple
parallel tunnels, the management station may select a parallel tunnels, the management station may select a
pseudo-random number to use as the tunnelInetConfigID pseudo-random number to use as the tunnelInetConfigID
and set tunnelInetConfigStatus to createAndGo. In the and set tunnelInetConfigStatus to createAndGo. In the
event that this ID is already in use and an event that this ID is already in use and an
inconsistentValue is returned in response to the set inconsistentValue is returned in response to the set
operation, the management station should simply select operation, the management station should simply select
skipping to change at page 17, line 33 skipping to change at page 18, line 5
tunnelIfTable. The status of this row will become tunnelIfTable. The status of this row will become
active as soon as the agent assigns the interface active as soon as the agent assigns the interface
index, regardless of whether the interface is index, regardless of whether the interface is
operationally up. operationally up.
Deleting a row in this table will likewise delete the Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the corresponding row in the ifTable and in the
tunnelIfTable." tunnelIfTable."
::= { tunnelInetConfigEntry 7 } ::= { tunnelInetConfigEntry 7 }
Draft Inet Tunnel MIB October 2004
tunnelInetConfigStorageType OBJECT-TYPE tunnelInetConfigStorageType OBJECT-TYPE
SYNTAX StorageType SYNTAX StorageType
MAX-ACCESS read-create MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The storage type of this row. If the row is "The storage type of this row. If the row is
permanent(4), no objects in the row need be writable." permanent(4), no objects in the row need be writable."
::= { tunnelInetConfigEntry 8 } ::= { tunnelInetConfigEntry 8 }
-- conformance information -- conformance information
tunnelMIBConformance tunnelMIBConformance
OBJECT IDENTIFIER ::= { tunnelMIB 2 } OBJECT IDENTIFIER ::= { tunnelMIB 2 }
tunnelMIBCompliances tunnelMIBCompliances
OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 } OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 }
tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 } tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 }
-- compliance statements -- compliance statements
Draft Inet Tunnel MIB August 2004
tunnelMIBCompliance MODULE-COMPLIANCE tunnelMIBCompliance MODULE-COMPLIANCE
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"The (deprecated) IPv4-only compliance statement for "The (deprecated) IPv4-only compliance statement for
the IP Tunnel MIB. the IP Tunnel MIB.
This is deprecated in favor of This is deprecated in favor of
tunnelMIBInetReadWriteCompliance and tunnelMIBInetFullCompliance and
tunnelMIBInetReadOnlyCompliance." tunnelMIBInetReadOnlyCompliance."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { tunnelMIBBasicGroup } MANDATORY-GROUPS { tunnelMIBBasicGroup }
OBJECT tunnelIfHopLimit OBJECT tunnelIfHopLimit
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT tunnelIfTOS OBJECT tunnelIfTOS
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT tunnelConfigStatus OBJECT tunnelConfigStatus
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
Draft Inet Tunnel MIB October 2004
::= { tunnelMIBCompliances 1 } ::= { tunnelMIBCompliances 1 }
tunnelMIBInetReadWriteCompliance MODULE-COMPLIANCE tunnelMIBInetFullCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The full compliance statement for the IP Tunnel MIB." "The full compliance statement for the IP Tunnel MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { tunnelMIBInetGroup } MANDATORY-GROUPS { tunnelMIBInetGroup }
OBJECT tunnelIfAddressType OBJECT tunnelIfAddressType
SYNTAX InetAddressType { ipv4(1), ipv6(2), SYNTAX InetAddressType { ipv4(1), ipv6(2),
ipv4z(3), ipv6z(4) } ipv4z(3), ipv6z(4) }
DESCRIPTION DESCRIPTION
"An implementation is only required to support IPv4 "An implementation is only required to support IPv4
and/or IPv6 addresses. An implementation only needs to and/or IPv6 addresses. An implementation only needs to
support the addresses it actually supports on the support the addresses it actually supports on the
device." device."
OBJECT tunnelInetConfigStatus
Draft Inet Tunnel MIB August 2004
SYNTAX RowStatus { active(1) }
WRITE-SYNTAX RowStatus { createAndGo(4), destroy(6) }
DESCRIPTION
"Support for createAndWait and notInService is not
required."
::= { tunnelMIBCompliances 2 } ::= { tunnelMIBCompliances 2 }
tunnelMIBInetReadOnlyCompliance MODULE-COMPLIANCE tunnelMIBInetReadOnlyCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The read-only compliance statement for the IP Tunnel "The read-only compliance statement for the IP Tunnel
MIB." MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { tunnelMIBInetGroup } MANDATORY-GROUPS { tunnelMIBInetGroup }
skipping to change at page 19, line 40 skipping to change at page 20, line 4
"Write access is not required." "Write access is not required."
OBJECT tunnelIfFlowLabel OBJECT tunnelIfFlowLabel
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT tunnelIfAddressType OBJECT tunnelIfAddressType
SYNTAX InetAddressType { ipv4(1), ipv6(2), SYNTAX InetAddressType { ipv4(1), ipv6(2),
ipv4z(3), ipv6z(4) } ipv4z(3), ipv6z(4) }
Draft Inet Tunnel MIB October 2004
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required. "Write access is not required.
An implementation is only required to support IPv4 An implementation is only required to support IPv4
and/or IPv6 addresses. An implementation only needs to and/or IPv6 addresses. An implementation only needs to
support the addresses it actually supports on the support the addresses it actually supports on the
device." device."
OBJECT tunnelIfLocalInetAddress OBJECT tunnelIfLocalInetAddress
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
Draft Inet Tunnel MIB August 2004
"Write access is not required." "Write access is not required."
OBJECT tunnelIfRemoteInetAddress OBJECT tunnelIfRemoteInetAddress
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
OBJECT tunnelIfEncapsLimit
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
OBJECT tunnelInetConfigStatus OBJECT tunnelInetConfigStatus
SYNTAX RowStatus { active(1) }
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required, and active is the only "Write access is not required, and active is the only
status that needs to be supported." status that needs to be supported."
OBJECT tunnelInetConfigStorageType OBJECT tunnelInetConfigStorageType
MIN-ACCESS read-only MIN-ACCESS read-only
DESCRIPTION DESCRIPTION
"Write access is not required." "Write access is not required."
::= { tunnelMIBCompliances 3 } ::= { tunnelMIBCompliances 3 }
-- units of conformance -- units of conformance
tunnelMIBBasicGroup OBJECT-GROUP tunnelMIBBasicGroup OBJECT-GROUP
OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress, OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress,
tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS, tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS,
tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus } tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus }
STATUS deprecated STATUS deprecated
DESCRIPTION DESCRIPTION
"A collection of objects to support basic management "A collection of objects to support basic management
Draft Inet Tunnel MIB October 2004
of IPv4 Tunnels. Since this group cannot support of IPv4 Tunnels. Since this group cannot support
IPv6, it is deprecated in favor of IPv6, it is deprecated in favor of
tunnelMIBInetGroup." tunnelMIBInetGroup."
::= { tunnelMIBGroups 1 } ::= { tunnelMIBGroups 1 }
tunnelMIBInetGroup OBJECT-GROUP tunnelMIBInetGroup OBJECT-GROUP
OBJECTS { tunnelIfAddressType, tunnelIfLocalInetAddress, OBJECTS { tunnelIfAddressType, tunnelIfLocalInetAddress,
tunnelIfRemoteInetAddress, tunnelIfEncapsMethod, tunnelIfRemoteInetAddress, tunnelIfEncapsMethod,
tunnelIfEncapsLimit,
tunnelIfHopLimit, tunnelIfTOS, tunnelIfFlowLabel, tunnelIfHopLimit, tunnelIfTOS, tunnelIfFlowLabel,
tunnelIfSecurity, tunnelInetConfigIfIndex, tunnelIfSecurity, tunnelInetConfigIfIndex,
tunnelInetConfigStatus, tunnelInetConfigStorageType } tunnelInetConfigStatus, tunnelInetConfigStorageType }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A collection of objects to support basic management "A collection of objects to support basic management
of IPv4 and IPv6 Tunnels." of IPv4 and IPv6 Tunnels."
::= { tunnelMIBGroups 2 } ::= { tunnelMIBGroups 2 }
Draft Inet Tunnel MIB August 2004
END END
5. IANA Considerations 5. IANA Considerations
This document introduces a new IANA-maintained textual convention This document introduces a new IANA-maintained textual convention
(TC) which is to be added to the IANAifType-MIB [IFTYPE]. The (TC) which is to be added to the IANAifType-MIB [IFTYPE]. The
initial version of this IANAtunnelType TC can be found in Appendix initial version of this IANAtunnelType TC can be found in Appendix
A. The current version of the textual convention can be accessed A. The current version of the textual convention can be accessed
at http://www.iana.org/assignments/ianaiftype-mib at http://www.iana.org/assignments/ianaiftype-mib
The policy for assigning new IANAtunnelType values is First Come The assignment policy for IANAtunnelType values should always be
First Served, as defined in [RFC2434], just as it is for new identical to the policy for assigning IANAifType values.
IANAifTypes values. The assignment policy for IANAtunnelType
values should always be identical to the policy for assigning
IANAifType values.
New types of tunnels over IPv4 or IPv6 should not be assigned New types of tunnels over IPv4 or IPv6 should not be assigned
IANAifType values. Instead, they should be assigned IANAifType values. Instead, they should be assigned
IANAtunnelType values and hence reuse the interface type IANAtunnelType values and hence reuse the interface type
tunnel(131). (Note this restriction does not apply to "tunnels" tunnel(131). (Note this restriction does not apply to "tunnels"
which are not over IPv4 or IPv6.) which are not over IPv4 or IPv6.)
Previously tunnel types which were not point-to-point tunnels were Previously tunnel types which were not point-to-point tunnels were
problematic in that they could not be properly expressed in the problematic in that they could not be properly expressed in the
tunnel MIB, and hence were assigned IANAifType values. This tunnel MIB, and hence were assigned IANAifType values. This
document now corrects this problem, and as a result, IANA should document now corrects this problem, and as a result, IANA should
deprecate the sixToFour(215) IANAifType value in favor of the deprecate the sixToFour(215) IANAifType value in favor of the
sixToFour(11) IANAtunnelType value. sixToFour(11) IANAtunnelType value.
Draft Inet Tunnel MIB October 2004
6. Security Considerations 6. Security Considerations
There are a number of management objects defined in this MIB There are a number of management objects defined in this MIB
module with a MAX-ACCESS clause of read-write and/or read-create. module with a MAX-ACCESS clause of read-write and/or read-create.
Such objects may be considered sensitive or vulnerable in some Such objects may be considered sensitive or vulnerable in some
network environments. The support for SET operations in a non- network environments. The support for SET operations in a non-
secure environment without proper protection can have a negative secure environment without proper protection can have a negative
effect on network operations. effect on network operations.
Unauthorized write access to any of the writable objects could Unauthorized write access to any of the writable objects could
cause unauthorized creation and/or manipulation of tunnels, cause unauthorized creation and/or manipulation of tunnels,
resulting in a denial of service, or redirection of packets to an resulting in a denial of service, or redirection of packets to an
arbitrary destination. arbitrary destination.
Draft Inet Tunnel MIB August 2004
Some of the readable objects in this MIB module (i.e., objects Some of the readable objects in this MIB module (i.e., objects
with a MAX-ACCESS other than not-accessible) may be considered with a MAX-ACCESS other than not-accessible) may be considered
sensitive or vulnerable in some network environments. It is thus sensitive or vulnerable in some network environments. It is thus
important to control even GET and/or NOTIFY access to these important to control even GET and/or NOTIFY access to these
objects and possibly to even encrypt the values of these objects objects and possibly to even encrypt the values of these objects
when sending them over the network via SNMP. when sending them over the network via SNMP.
Unauthorized read access to tunnelIfLocalInetAddress, Unauthorized read access to tunnelIfLocalInetAddress,
tunnelIfRemoteInetAddress, tunnelIfLocalAddress, tunnelIfRemoteInetAddress, tunnelIfLocalAddress,
tunnelIfRemoteAddress, or any object in the tunnelConfigTable or tunnelIfRemoteAddress, or any object in the tunnelConfigTable or
skipping to change at page 22, line 38 skipping to change at page 23, line 4
including full support for the SNMPv3 cryptographic mechanisms including full support for the SNMPv3 cryptographic mechanisms
(for authentication and privacy). (for authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access instance of this MIB module is properly configured to give access
to the objects only to those principals (users) that have to the objects only to those principals (users) that have
legitimate rights to indeed GET or SET (change/create/delete) legitimate rights to indeed GET or SET (change/create/delete)
Draft Inet Tunnel MIB October 2004
them. them.
7. Changes since RFC 2667 7. Changes since RFC 2667
IPv4-specific objects were deprecated, including IPv4-specific objects were deprecated, including
tunnelIfLocalAddress, tunnelIfRemoteAddress, the tunnelIfLocalAddress, tunnelIfRemoteAddress, the
tunnelConfigTable, and the tunnelMIBBasicGroup. tunnelConfigTable, and the tunnelMIBBasicGroup.
Added IP version-agnostic objects that should be used instead, Added IP version-agnostic objects that should be used instead,
including tunnelIfAddressType, tunnelIfLocalInetAddress, including tunnelIfAddressType, tunnelIfLocalInetAddress,
tunnelIfRemoteInetAddress, the tunnelInetConfigTable, and the tunnelIfRemoteInetAddress, the tunnelInetConfigTable, and the
tunnelIMIBInetGroup. tunnelIMIBInetGroup.
Draft Inet Tunnel MIB August 2004
The new tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress The new tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress
objects are read-write, rather than read-only. objects are read-write, rather than read-only.
Updated DESCRIPTION clauses of existing version-agnostic objects Updated DESCRIPTION clauses of existing version-agnostic objects
(e.g., tunnelIfTOS) that contained IPv4-specific text to cover (e.g., tunnelIfTOS) that contained IPv4-specific text to cover
IPv6 as well. IPv6 as well.
Added tunnelIfFlowLabel for tunnels over IPv6. Added tunnelIfFlowLabel for tunnels over IPv6.
The encapsulation method was previously an INTEGER type, and is The encapsulation method was previously an INTEGER type, and is
now an IANA-maintained textual convention. now an IANA-maintained textual convention.
8. Acknowledgements 8. Acknowledgements
This MIB module was updated based on feedback from the IETF's This MIB module was updated based on feedback from the IETF's
Interfaces MIB (IF-MIB) and Point-to-Point Protocol Extensions Interfaces MIB (IF-MIB), Point-to-Point Protocol Extensions
(PPPEXT) Working Groups. Mike Heard also provided valuable MIB (PPPEXT), and IPv6 Working Groups. Mike Heard and Ville Nuorvala
guidance on this version. also provided valuable MIB guidance on this version.
9. Author's Address 9. Author's Address
Dave Thaler Dave Thaler
Microsoft Corporation Microsoft Corporation
One Microsoft Way One Microsoft Way
Redmond, WA 98052-6399 Redmond, WA 98052-6399
Phone: +1 425 703 8835 Phone: +1 425 703 8835
EMail: dthaler@microsoft.com EMail: dthaler@microsoft.com
Draft Inet Tunnel MIB October 2004
10. Normative References 10. Normative References
[IFTYPE] Internet Assigned Numbers Authority, "IANAifType-MIB", [IFTYPE] Internet Assigned Numbers Authority, "IANAifType-MIB",
http://www.iana.org/assignments/ianaiftype-mib http://www.iana.org/assignments/ianaiftype-mib
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing [RFC2473] Conta, A. and S. Deering, "Generic Packet Tunneling in
an IANA Considerations Section in RFCs", RFC 2434, IPv6 Specification", RFC 2473, December 1998.
October 1998.
[RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, [RFC2578] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
J., Rose, M. and S. Waldbusser, "Structure of J., Rose, M. and S. Waldbusser, "Structure of
Management Information Version 2 (SMIv2)", STD 58, RFC Management Information Version 2 (SMIv2)", STD 58, RFC
2578, April 1999. 2578, April 1999.
Draft Inet Tunnel MIB August 2004
[RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, [RFC2579] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
J., Rose, M. and S. Waldbusser, "Textual Conventions J., Rose, M. and S. Waldbusser, "Textual Conventions
for SMIv2", STD 58, RFC 2579, April 1999. for SMIv2", STD 58, RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, [RFC2580] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case,
J., Rose, M. and S. Waldbusser, "Conformance J., Rose, M. and S. Waldbusser, "Conformance
Statements for SMIv2", STD 58, RFC 2580, April 1999. Statements for SMIv2", STD 58, RFC 2580, April 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz. "The Interfaces [RFC2863] McCloghrie, K. and F. Kastenholz. "The Interfaces
Group MIB", RFC 2863, June 2000. Group MIB", RFC 2863, June 2000.
skipping to change at page 24, line 38 skipping to change at page 25, line 5
Networks", RFC 1234, June 1991. Networks", RFC 1234, June 1991.
[RFC1241] Woodburn, R. and D. Mills, "A Scheme for an Internet [RFC1241] Woodburn, R. and D. Mills, "A Scheme for an Internet
Encapsulation Protocol: Version 1", RFC 1241, July Encapsulation Protocol: Version 1", RFC 1241, July
1991. 1991.
[RFC1701] Hanks, S., Li, T., Farinacci, D. and P. Traina, [RFC1701] Hanks, S., Li, T., Farinacci, D. and P. Traina,
"Generic Routing Encapsulation (GRE)", RFC 1701, "Generic Routing Encapsulation (GRE)", RFC 1701,
October 1994. October 1994.
Draft Inet Tunnel MIB October 2004
[RFC1702] Hanks, S., Li, T., Farinacci, D. and P. Traina, [RFC1702] Hanks, S., Li, T., Farinacci, D. and P. Traina,
"Generic Routing Encapsulation over IPv4 networks", "Generic Routing Encapsulation over IPv4 networks",
RFC 1702, October 1994. RFC 1702, October 1994.
[RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003, [RFC2003] Perkins, C., "IP Encapsulation within IP", RFC 2003,
October 1996. October 1996.
[RFC2004] Perkins, C., "Minimal Encapsulation within IP", RFC [RFC2004] Perkins, C., "Minimal Encapsulation within IP", RFC
2004, October 1996. 2004, October 1996.
[RFC2107] Hamzeh, K., "Ascend Tunnel Management Protocol - [RFC2107] Hamzeh, K., "Ascend Tunnel Management Protocol -
ATMP", RFC 2107, February 1997. ATMP", RFC 2107, February 1997.
Draft Inet Tunnel MIB August 2004
[RFC2341] Valencia, A., Littlewood, M. and T. Kolar. "Cisco [RFC2341] Valencia, A., Littlewood, M. and T. Kolar. "Cisco
Layer Two Forwarding (Protocol) "L2F"", RFC 2341, May Layer Two Forwarding (Protocol) "L2F"", RFC 2341, May
1998. 1998.
[RFC2401] R. Atkinson, "Security architecture for the internet [RFC2401] R. Atkinson, "Security architecture for the internet
protocol", RFC 2401, November 1998. protocol", RFC 2401, November 1998.
[RFC2474] Nichols, K., Blake, S., Baker, F. and D. Black. [RFC2474] Nichols, K., Blake, S., Baker, F. and D. Black.
"Definition of the Differentiated Services Field (DS "Definition of the Differentiated Services Field (DS
Field) in the IPv4 and IPv6 Headers", RFC 2474, Field) in the IPv4 and IPv6 Headers", RFC 2474,
skipping to change at page 25, line 35 skipping to change at page 26, line 5
"L2TP"", RFC 2661, August 1999. "L2TP"", RFC 2661, August 1999.
[RFC2893] Gilligan, R. and E. Nordmark. "Transition Mechanisms [RFC2893] Gilligan, R. and E. Nordmark. "Transition Mechanisms
for IPv6 Hosts and Routers", RFC 2893, August 2000. for IPv6 Hosts and Routers", RFC 2893, August 2000.
[RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart, [RFC3410] Case, J., Mundy, R., Partain, D. and B. Stewart,
"Introduction and Applicability Statements for "Introduction and Applicability Statements for
Internet-Standard Management Framework", RFC 3410, Internet-Standard Management Framework", RFC 3410,
December 2002. December 2002.
Draft Inet Tunnel MIB October 2004
12. Appendix A: IANA Tunnel Type TC 12. Appendix A: IANA Tunnel Type TC
This appendix defines the initial content of the IANAtunnelType This appendix defines the initial content of the IANAtunnelType
textual convention which should appear in the IANAifType-MIB. textual convention which should appear in the IANAifType-MIB.
IANAtunnelType ::= TEXTUAL-CONVENTION IANAtunnelType ::= TEXTUAL-CONVENTION
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The encapsulation method used by a tunnel. The value "The encapsulation method used by a tunnel. The value
direct indicates that a packet is encapsulated direct indicates that a packet is encapsulated
directly within a normal IP header, with no directly within a normal IP header, with no
intermediate header, and unicast to the remote tunnel intermediate header, and unicast to the remote tunnel
endpoint (e.g., an RFC 2003 IP-in-IP tunnel, or an RFC endpoint (e.g., an RFC 2003 IP-in-IP tunnel, or an RFC
1933 IPv6-in-IPv4 tunnel). The value minimal indicates 1933 IPv6-in-IPv4 tunnel). The value minimal indicates
that a Minimal Forwarding Header (RFC 2004) is that a Minimal Forwarding Header (RFC 2004) is
inserted between the outer header and the payload inserted between the outer header and the payload
Draft Inet Tunnel MIB August 2004
packet. The value UDP indicates that the payload packet. The value UDP indicates that the payload
packet is encapsulated within a normal UDP packet packet is encapsulated within a normal UDP packet
(e.g., RFC 1234). (e.g., RFC 1234).
The values sixToFour, sixOverFour, and isatap The values sixToFour, sixOverFour, and isatap
indicates that an IPv6 packet is encapsulated directly indicates that an IPv6 packet is encapsulated directly
within an IPv4 header, with no intermediate header, within an IPv4 header, with no intermediate header,
and unicast to the destination determined by the 6to4, and unicast to the destination determined by the 6to4,
6over4, or ISATAP protocol. 6over4, or ISATAP protocol.
The remaining protocol-specific values indicate that a The remaining protocol-specific values indicate that a
header of the protocol of that name is inserted header of the protocol of that name is inserted
between the outer header and the payload header." between the outer header and the payload header.
The assignment policy for IANAtunnelType values is
identical to the policy for assigning IANAifType
values."
SYNTAX INTEGER { SYNTAX INTEGER {
other(1), -- none of the following other(1), -- none of the following
direct(2), -- no intermediate header direct(2), -- no intermediate header
gre(3), -- GRE encapsulation gre(3), -- GRE encapsulation
minimal(4), -- Minimal encapsulation minimal(4), -- Minimal encapsulation
l2tp(5), -- L2TP encapsulation l2tp(5), -- L2TP encapsulation
pptp(6), -- PPTP encapsulation pptp(6), -- PPTP encapsulation
l2f(7), -- L2F encapsulation l2f(7), -- L2F encapsulation
udp(8), -- UDP encapsulation udp(8), -- UDP encapsulation
atmp(9), -- ATMP encapsulation atmp(9), -- ATMP encapsulation
msdp(10), -- MSDP encapsulation msdp(10), -- MSDP encapsulation
sixToFour(11), -- 6to4 encapsulation sixToFour(11), -- 6to4 encapsulation
Draft Inet Tunnel MIB October 2004
sixOverFour(12), -- 6over4 encapsulation sixOverFour(12), -- 6over4 encapsulation
isatap(13), -- ISATAP encapsulation isatap(13), -- ISATAP encapsulation
teredo(14) -- Teredo encapsulation teredo(14) -- Teredo encapsulation
} }
13. Full Copyright Statement 13. Full Copyright Statement
Copyright (C) The Internet Society (2004). This document is Copyright (C) The Internet Society (2004). This document is
subject to the rights, licenses and restrictions contained in BCP subject to the rights, licenses and restrictions contained in BCP
78, and except as set forth therein, the authors retain all their 78, and except as set forth therein, the authors retain all their
rights. rights.
This document and the information contained herein are provided on This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
Draft Inet Tunnel MIB August 2004
PARTICULAR PURPOSE. PARTICULAR PURPOSE.
14. Intellectual Property 14. Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described pertain to the implementation or use of the technology described
in this document or the extent to which any license under such in this document or the extent to which any license under such
rights might or might not be available; neither does it represent rights might or might not be available; neither does it represent
that it has made any effort to identify any such rights. that it has made any effort to identify any such rights.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/