draft-perrault-behave-natv2-mib-03.txt   draft-perrault-behave-natv2-mib-04.txt 
Network Working Group S. Perreault Network Working Group S. Perreault
Internet-Draft Jive Communications Internet-Draft Jive Communications
Intended status: Standards Track T. Tsou Intended status: Standards Track T. Tsou
Expires: September 25, 2015 Huawei Technologies Expires: November 26, 2015 Huawei Technologies
S. Sivakumar S. Sivakumar
Cisco Systems Cisco Systems
T. Taylor T. Taylor
PT Taylor Consulting PT Taylor Consulting
March 24, 2015 May 25, 2015
Definitions of Managed Objects for Network Address Translators (NAT) Definitions of Managed Objects for Network Address Translators (NAT)
draft-perrault-behave-natv2-mib-03 draft-perrault-behave-natv2-mib-04
Abstract Abstract
This memo defines a portion of the Management Information Base (MIB) This memo defines a portion of the Management Information Base (MIB)
for devices implementing the Network Address Translator (NAT) for devices implementing the Network Address Translator (NAT)
function. The new MIB module defined in this document, NATV2-MIB, is function. The new MIB module defined in this document, NATV2-MIB, is
intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not intended to replace module NAT-MIB (RFC 4008). NATV2-MIB is not
backwards compatible with NAT-MIB, for reasons given in the text of backwards compatible with NAT-MIB, for reasons given in the text of
this document. A companion document deprecates all objects in NAT- this document. A companion document deprecates all objects in NAT-
MIB. NATV2-MIB can be used for monitoring of NAT instances on a MIB. NATV2-MIB can be used for monitoring of NAT instances on a
skipping to change at page 1, line 44 skipping to change at page 1, line 44
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 25, 2015. This Internet-Draft will expire on November 26, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 49 skipping to change at page 2, line 49
natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16 natv2PoolRangeTable . . . . . . . . . . . . . . . . . 16
3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16 3.3.8. The Address Map Table: natv2AddressMapTable . . . . . 16
3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17 3.3.9. The Port Map Table: natv2PortMapTable . . . . . . . . 17
3.4. Conformance: Three Application Scenarios . . . . . . . . 17 3.4. Conformance: Three Application Scenarios . . . . . . . . 17
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 18
5. Operational and Management Considerations . . . . . . . . . . 74 5. Operational and Management Considerations . . . . . . . . . . 74
5.1. Configuration Requirements . . . . . . . . . . . . . . . 74 5.1. Configuration Requirements . . . . . . . . . . . . . . . 74
5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76 5.2. Transition From and Coexistence With NAT-MIB [RFC 4008] 76
6. Security Considerations . . . . . . . . . . . . . . . . . . . 78 6. Security Considerations . . . . . . . . . . . . . . . . . . . 78
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 80
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 81 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 80
8.1. Normative References . . . . . . . . . . . . . . . . . . 81 8.1. Normative References . . . . . . . . . . . . . . . . . . 80
8.2. Informative References . . . . . . . . . . . . . . . . . 82 8.2. Informative References . . . . . . . . . . . . . . . . . 81
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 82
1. The SNMP Management Framework 1. The SNMP Management Framework
For a detailed overview of the documents that describe the current For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of Internet-Standard Management Framework, please refer to section 7 of
RFC 3410 [RFC3410]. RFC 3410 [RFC3410].
Managed objects are accessed via a virtual information store, termed Managed objects are accessed via a virtual information store, termed
the Management Information Base or MIB. MIB objects are generally the Management Information Base or MIB. MIB objects are generally
skipping to change at page 8, line 8 skipping to change at page 8, line 8
Threshold: natv2PoolThresholdUsageLow in natv2PoolTable. To allow Threshold: natv2PoolThresholdUsageLow in natv2PoolTable. To allow
for a threshold of zero usage, disabling of the for a threshold of zero usage, disabling of the
natv2NotificationPoolUsageLow is done by setting natv2NotificationPoolUsageLow is done by setting
natv2PoolThresholdUsageLow to -1 rather than 0, in contrast to all natv2PoolThresholdUsageLow to -1 rather than 0, in contrast to all
of the other notifications. of the other notifications.
Objects returned: natv2PoolNotifiedPortMapEntries and Objects returned: natv2PoolNotifiedPortMapEntries and
natv2PoolNotifiedPortMapProtocol in natv2PoolTable; natv2PoolNotifiedPortMapProtocol in natv2PoolTable;
Rate control: natv2PoolNotificationInterval in Rate control: natv2PoolNotificationInterval in natv2PoolTable.
natv2PoolTable (default 20 seconds between notifications for a
given address pool).
Notification: natv2NotificationPoolUsageHigh. Indicates that address Notification: natv2NotificationPoolUsageHigh. Indicates that address
pool usage for the most-mapped protocol has risen to the threshold pool usage for the most-mapped protocol has risen to the threshold
value or more. value or more.
Compared value: natv2PoolNotifiedPortMapEntries as a percentage of Compared value: natv2PoolNotifiedPortMapEntries as a percentage of
total available ports in the pool. total available ports in the pool.
Threshold: natv2PoolThresholdUsageHigh in natv2PoolTable; Threshold: natv2PoolThresholdUsageHigh in natv2PoolTable;
Objects returned: natv2PoolNotifiedPortMapEntries, Objects returned: natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol in natv2PoolTable; natv2PoolNotifiedPortMapProtocol in natv2PoolTable;
Rate control: natv2PoolNotificationInterval in Rate control: natv2PoolNotificationInterval in natv2PoolTable.
natv2PoolTable (default 20 seconds between notifications for a
given address pool).
Notification: natv2NotificationInstanceAddressMapEntriesHigh. Notification: natv2NotificationInstanceAddressMapEntriesHigh.
Indicates that the total number of entries in the address map table Indicates that the total number of entries in the address map table
over the whole NAT instance equals or exceeds the threshold value. over the whole NAT instance equals or exceeds the threshold value.
Compared value: natv2InstanceAddressMapEntries in Compared value: natv2InstanceAddressMapEntries in
natv2InstanceTable; natv2InstanceTable;
Threshold: natv2InstanceThresholdAddressMapEntriesHigh in Threshold: natv2InstanceThresholdAddressMapEntriesHigh in
natv2InstanceTable; natv2InstanceTable;
Objects returned: natv2InstanceAddressMapEntries, Objects returned: natv2InstanceAddressMapEntries,
natv2InstanceAddressMapCreations in natv2InstanceTable; natv2InstanceAddressMapCreations in natv2InstanceTable;
Rate control: natv2InstanceNotificationInterval in Rate control: natv2InstanceNotificationInterval in
natv2InstanceTable (default 10 seconds between notifications for a natv2InstanceTable.
given NAT instance).
Notification: natv2NotificationInstancePortMapEntriesHigh. Indicates Notification: natv2NotificationInstancePortMapEntriesHigh. Indicates
that the total number of entries in the port map table over the whole that the total number of entries in the port map table over the whole
NAT instance equals or exceeds the threshold value. NAT instance equals or exceeds the threshold value.
Compared value: natv2InstancePortMapEntries in natv2InstanceTable; Compared value: natv2InstancePortMapEntries in natv2InstanceTable;
Threshold: natv2InstanceThresholdPortMapEntriesHigh in Threshold: natv2InstanceThresholdPortMapEntriesHigh in
natv2InstanceTable; natv2InstanceTable;
Objects returned: natv2InstancePortMapEntries, Objects returned: natv2InstancePortMapEntries,
natv2InstancePortMapCreations in natv2InstanceTable; natv2InstancePortMapCreations in natv2InstanceTable;
Rate control: natv2InstanceNotificationInterval in Rate control: natv2InstanceNotificationInterval in
natv2InstanceTable (default 10 seconds between notifications for a natv2InstanceTable.
given NAT instance).
Notification: natv2NotificationSubscriberPortMapEntriesHigh. Notification: natv2NotificationSubscriberPortMapEntriesHigh.
Indicates that the total number of entries in the port map table for Indicates that the total number of entries in the port map table for
the given subscriber equals or exceeds the threshold value configured the given subscriber equals or exceeds the threshold value configured
for that subscriber. for that subscriber.
Compared value: natv2SubscriberPortMapEntries in Compared value: natv2SubscriberPortMapEntries in
natv2SubscriberTable; natv2SubscriberTable;
Threshold: natv2SubscriberThresholdPortMapEntriesHigh in Threshold: natv2SubscriberThresholdPortMapEntriesHigh in
natv2SubscriberTable; natv2SubscriberTable;
Objects returned: natv2SubscriberPortMapEntries, Objects returned: natv2SubscriberPortMapEntries,
natv2SubscriberPortMapCreations in natv2SubscriberTable; natv2SubscriberPortMapCreations in natv2SubscriberTable;
Rate control: natv2SubscriberNotificationInterval in Rate control: natv2SubscriberNotificationInterval in
natv2SubscriberTable (default 60 seconds between notifications for natv2SubscriberTable.
a given subscriber).
3.1.3. State Information 3.1.3. State Information
State information provides a snapshot of the content and extent of State information provides a snapshot of the content and extent of
the NAT mapping tables at a given moment of time. The address and the NAT mapping tables at a given moment of time. The address and
port mapping tables are described in detail below. In addition to port mapping tables are described in detail below. In addition to
these tables, two state variables are provided: current number of these tables, two state variables are provided: current number of
entries in the address mapping table, and current number of entries entries in the address mapping table, and current number of entries
in the port mapping table. With one exception, these are provided at in the port mapping table. With one exception, these are provided at
four levels of granularity: per NAT instance, per protocol, per four levels of granularity: per NAT instance, per protocol, per
skipping to change at page 15, line 47 skipping to change at page 15, line 47
The state and statistical information provided by this table consists The state and statistical information provided by this table consists
of the per-pool items described in Section 3.1.3 and Section 3.1.4 of the per-pool items described in Section 3.1.3 and Section 3.1.4
respectively, plus two additional state objects described below. respectively, plus two additional state objects described below.
natv2PoolTable provides the pool-specific object natv2PoolTable provides the pool-specific object
natv2PoolDiscontinuityTime to indicate the time since which the natv2PoolDiscontinuityTime to indicate the time since which the
statistical counters have accumulated continuously. statistical counters have accumulated continuously.
Read-write objects to set high and low thresholds for pool usage Read-write objects to set high and low thresholds for pool usage
notifications and for governing notification rate were identified in notifications and for governing notification rate were identified in
Section 3.1.2. The default interval between notifications for a Section 3.1.2.
given address pool is set to 20 seconds.
Implementation note: the thresholds are defined in terms of Implementation note: the thresholds are defined in terms of
percentage of available port utilization. The number of available percentage of available port utilization. The number of available
ports in a pool is equal to (max port - min port + 1) (from the ports in a pool is equal to (max port - min port + 1) (from the
natv2PoolTable configuration information) multiplied by the number natv2PoolTable configuration information) multiplied by the number
of addresses provisioned in the pool (sum of number of addresses of addresses provisioned in the pool (sum of number of addresses
provided by each natv2PoolRangeTable conceptual row relating to provided by each natv2PoolRangeTable conceptual row relating to
that pool). At configuration time, the thresholds can be that pool). At configuration time, the thresholds can be
recalculated in terms of total number of port map entries recalculated in terms of total number of port map entries
corresponding to the configured percentage, so that runtime corresponding to the configured percentage, so that runtime
skipping to change at page 18, line 16 skipping to change at page 18, line 14
Finally, a CGN MUST support the full contents of the MIB module. Finally, a CGN MUST support the full contents of the MIB module.
That includes the subscriber table, but also includes the special That includes the subscriber table, but also includes the special
provision for DS-Lite access in the address and port map tables. provision for DS-Lite access in the address and port map tables.
4. Definitions 4. Definitions
This MIB module IMPORTs objects from [RFC2578], [RFC2579], [RFC2580], This MIB module IMPORTs objects from [RFC2578], [RFC2579], [RFC2580],
[RFC3411], and [RFC4001]. [RFC3411], and [RFC4001].
NATV2-MIB DEFINITIONS ::= BEGIN NATV2-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
Unsigned32,
Counter64,
mib-2,
NOTIFICATION-TYPE
FROM SNMPv2-SMI -- RFC 2578
TEXTUAL-CONVENTION,
DisplayString,
TimeStamp
FROM SNMPv2-TC -- RFC 2579
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF -- RFC 2580
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 3411
InetAddressType,
InetAddress,
InetAddressPrefixLength,
InetPortNumber
FROM INET-ADDRESS-MIB; -- RFC 4001
natv2MIB MODULE-IDENTITY
LAST-UPDATED "201502170000Z"
-- RFC Ed.: set to publication date
ORGANIZATION
"IETF Behavior Engineering for Hindrance Avoidance
(BEHAVE) Working Group"
CONTACT-INFO
"Working Group Email: behave@ietf.org
Simon Perreault
Jive Communications
Quebec, QC
Canada
Email: sperreault@jive.com
Tina Tsou IMPORTS
Huawei Technologies MODULE-IDENTITY,
Bantian, Longgang OBJECT-TYPE,
Shenzhen 518129 Integer32,
PR China Unsigned32,
Counter64,
mib-2,
NOTIFICATION-TYPE
FROM SNMPv2-SMI -- RFC 2578
TEXTUAL-CONVENTION,
DisplayString,
TimeStamp
FROM SNMPv2-TC -- RFC 2579
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF -- RFC 2580
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB -- RFC 3411
InetAddressType,
InetAddress,
InetAddressPrefixLength,
InetPortNumber
FROM INET-ADDRESS-MIB; -- RFC 4001
Email: tina.tsou.zouting@huawei.com natv2MIB MODULE-IDENTITY
LAST-UPDATED "201502170000Z"
-- RFC Ed.: set to publication date
ORGANIZATION
"IETF Behavior Engineering for Hindrance Avoidance
(BEHAVE) Working Group"
CONTACT-INFO
"Working Group Email: behave@ietf.org
Senthil Sivakumar Simon Perreault
Cisco Systems Jive Communications
7100-8 Kit Creek Road Quebec, QC
Research Triangle Park, North Carolina 27709 Canada
USA
Phone: +1 919 392 5158 Email: sperreault@jive.com
Email: ssenthil@cisco.com
Tom Taylor Tina Tsou
PT Taylor Consulting Huawei Technologies
Ottawa Bantian, Longgang
Canada Shenzhen 518129
PR China
Email: tom.taylor.stds@gmail.com" Email: tina.tsou.zouting@huawei.com
DESCRIPTION Senthil Sivakumar
"This MIB module defines the generic managed objects Cisco Systems
for NAT. 7100-8 Kit Creek Road
Research Triangle Park, North Carolina 27709
USA
Copyright (C) The Internet Society (2015). This Phone: +1 919 392 5158
version of this MIB module is part of RFC yyyy; see Email: ssenthil@cisco.com
the RFC itself for full legal notices."
REVISION "201502170000Z"
-- RFC Ed.: set to publication date
DESCRIPTION
"Complete rewrite, published as RFC yyyy.
Replaces former version published as RFC 4008."
-- RFC Ed.: replace yyyy with actual RFC number and set date"
::= { mib-2 123 }
-- temporary for compilation pending IANA assignment
-- textual conventions Tom Taylor
PT Taylor Consulting
Ottawa
Canada
ProtocolNumber ::= TEXTUAL-CONVENTION Email: tom.taylor.stds@gmail.com"
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A protocol number, from the 'protocol-numbers' IANA
registry."
REFERENCE
"IANA Protocol Numbers,
http://www.iana.org/assignments/protocol-numbers/protocol-
numbers.xhtml#protocol-numbers-1"
SYNTAX Unsigned32 (0..255)
Natv2SubscriberIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION DESCRIPTION
"A unique value, greater than zero, for each subscriber "This MIB module defines the generic managed objects
in the managed system. The value for each for NAT.
subscriber MUST remain constant at least from one
update of the entity's natv2SubscriberDiscontinuityTime
object until the next update of that object. If a
subscriber is deleted, its assigned index value MUST NOT
be assigned to another subscriber at least until
reinitialization of the entity's management system."
SYNTAX Unsigned32 (1..4294967295)
Natv2SubscriberIndexOrZero ::= TEXTUAL-CONVENTION Copyright (C) The Internet Society (2015). This
DISPLAY-HINT "d" version of this MIB module is part of RFC yyyy; see
STATUS current the RFC itself for full legal notices."
REVISION "201502170000Z"
-- RFC Ed.: set to publication date
DESCRIPTION DESCRIPTION
"This textual convention is an extension of the "Complete rewrite, published as RFC yyyy.
Natv2SubscriberIndex convention. The latter defines a Replaces former version published as RFC 4008."
greater than zero value used to identify a subscriber in -- RFC Ed.: replace yyyy with actual RFC number and set date"
the managed system. This extension permits the additional ::= { mib-2 123 }
value of zero, which serves as a placeholder when no -- temporary for compilation pending IANA assignment
subscriber is associated with the object."
SYNTAX Unsigned32 (0|1..4294967295)
Natv2InstanceIndex ::= TEXTUAL-CONVENTION -- textual conventions
DISPLAY-HINT "d" ProtocolNumber ::= TEXTUAL-CONVENTION
STATUS current DISPLAY-HINT "d"
DESCRIPTION STATUS current
"A unique value, greater than zero, for each NAT instance DESCRIPTION
in the managed system. It is RECOMMENDED that values are "A protocol number, from the 'protocol-numbers' IANA
assigned contiguously starting from 1. The value for each registry."
NAT instance MUST remain constant at least from one REFERENCE
update of the entity's natv2InstanceDiscontinuityTime "IANA Protocol Numbers,
object until the next update of that object. If a NAT http://www.iana.org/assignments/protocol-numbers/protocol-
instance is deleted, its assigned index value MUST NOT numbers.xhtml#protocol-numbers-1"
be assigned to another NAT instance at least until SYNTAX Unsigned32 (0..255)
reinitialization of the entity's management system."
SYNTAX Unsigned32 (1..4294967295)
Natv2PoolIndex ::= TEXTUAL-CONVENTION Natv2SubscriberIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value over the containing NAT instance, greater than "A unique value, greater than zero, for each subscriber
zero, for each address pool supported by that NAT instance. in the managed system. The value for each
It is RECOMMENDED that values are assigned contiguously subscriber MUST remain constant at least from one
starting from 1. The value for each address pool MUST remain update of the entity's natv2SubscriberDiscontinuityTime
constant at least from one update of the entity's object until the next update of that object. If a
natv2PoolDiscontinuityTime object until the next update of subscriber is deleted, its assigned index value MUST NOT
that object. If an address pool is deleted, its assigned be assigned to another subscriber at least until
index value MUST NOT be assigned to another address pool for reinitialization of the entity's management system."
the same NAT instance at least until reinitialization of the SYNTAX Unsigned32 (1..4294967295)
entity's management system."
SYNTAX Unsigned32 (1..4294967295)
Natv2PoolIndexOrZero ::= TEXTUAL-CONVENTION Natv2SubscriberIndexOrZero ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d" DISPLAY-HINT "d"
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This textual convention is an extension of the "This textual convention is an extension of the
Natv2PoolIndex convention. The latter defines a greater Natv2SubscriberIndex convention. The latter defines a
than zero value used to identify address pools in the greater than zero value used to identify a subscriber in
managed system. This extension permits the additional the managed system. This extension permits the additional
value of zero, which serves as a placeholder when the value of zero, which serves as a placeholder when no
implementation does not support address pools or no address subscriber is associated with the object."
pool is configured in a given external realm." SYNTAX Unsigned32 (0|1..4294967295)
SYNTAX Unsigned32 (0|1..4294967295)
-- notifications Natv2InstanceIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A unique value, greater than zero, for each NAT instance
in the managed system. It is RECOMMENDED that values are
assigned contiguously starting from 1. The value for each
NAT instance MUST remain constant at least from one
update of the entity's natv2InstanceDiscontinuityTime
object until the next update of that object. If a NAT
instance is deleted, its assigned index value MUST NOT
be assigned to another NAT instance at least until
reinitialization of the entity's management system."
SYNTAX Unsigned32 (1..4294967295)
natv2MIBNotifications OBJECT IDENTIFIER ::= { natv2MIB 0 } Natv2PoolIndex ::= TEXTUAL-CONVENTION
DISPLAY-HINT "d"
STATUS current
DESCRIPTION
"A unique value over the containing NAT instance, greater than
zero, for each address pool supported by that NAT instance.
It is RECOMMENDED that values are assigned contiguously
starting from 1. The value for each address pool MUST remain
constant at least from one update of the entity's
natv2PoolDiscontinuityTime object until the next update of
that object. If an address pool is deleted, its assigned
index value MUST NOT be assigned to another address pool for
the same NAT instance at least until reinitialization of the
entity's management system."
SYNTAX Unsigned32 (1..4294967295)
natv2NotificationPoolUsageLow NOTIFICATION-TYPE Natv2PoolIndexOrZero ::= TEXTUAL-CONVENTION
OBJECTS { natv2PoolNotifiedPortMapEntries, DISPLAY-HINT "d"
natv2PoolNotifiedPortMapProtocol } STATUS current
STATUS current DESCRIPTION
DESCRIPTION "This textual convention is an extension of the
"This notification is triggered when an address pool's usage Natv2PoolIndex convention. The latter defines a greater
becomes less than or equal to the value of the than zero value used to identify address pools in the
natv2PoolThresholdUsageLow object for that pool, unless the managed system. This extension permits the additional
notification has been disabled by setting the value of the value of zero, which serves as a placeholder when the
threshold to -1. It is reported subject to the rate implementation does not support address pools or no address
limitation specified by natv2PortMapNotificationInterval. pool is configured in a given external realm."
SYNTAX Unsigned32 (0|1..4294967295)
Address pool usage is calculated as the percentage of the -- notifications
total number of ports allocated to the address pool that are
already in use, for the most-mapped protocol at the time
the notification is triggered. The two returned objects are
members of natv2PoolTable indexed by the NAT instance and
pool indices for which the event is being reported. They
give the number of port map entries using external addresses
configured on the pool for the most-mapped protocol and
identify that protocol at the time the notification was
triggered."
REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 1 }
natv2NotificationPoolUsageHigh NOTIFICATION-TYPE natv2MIBNotifications OBJECT IDENTIFIER ::= { natv2MIB 0 }
OBJECTS { natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol }
STATUS current
DESCRIPTION
"This notification is triggered when an address pool's usage
becomes greater than or equal to the value of the
natv2PoolThresholdUsageHigh object for that pool, unless
the notification has been disabled by setting the value of
the threshold to 0. It is reported subject to the rate
limitation specified by natv2PortMapNotificationInterval.
Address pool usage is calculated as the percentage of the natv2NotificationPoolUsageLow NOTIFICATION-TYPE
total number of ports allocated to the address pool that are OBJECTS { natv2PoolNotifiedPortMapEntries,
already in use, for the most-mapped protocol at the time the natv2PoolNotifiedPortMapProtocol }
notification is triggered. The two returned objects are STATUS current
members of natv2PoolTable indexed by the NAT instance and DESCRIPTION
pool indices for which the event is being reported. They "This notification is triggered when an address pool's usage
give the number of port map entries using external addresses becomes less than or equal to the value of the
configured on the pool for the most-mapped protocol and natv2PoolThresholdUsageLow object for that pool, unless the
identify that protocol at the time the notification was notification has been disabled by setting the value of the
triggered." threshold to -1. It is reported subject to the rate
REFERENCE limitation specified by natv2PortMapNotificationInterval.
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 2 }
natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE Address pool usage is calculated as the percentage of the
OBJECTS { natv2InstanceAddressMapEntries, total number of ports allocated to the address pool that are
natv2InstanceAddressMapCreations } already in use, for the most-mapped protocol at the time
the notification is triggered. The two returned objects are
members of natv2PoolTable indexed by the NAT instance and
pool indices for which the event is being reported. They
give the number of port map entries using external addresses
configured on the pool for the most-mapped protocol and
identify that protocol at the time the notification was
triggered."
REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 1 }
STATUS current natv2NotificationPoolUsageHigh NOTIFICATION-TYPE
DESCRIPTION OBJECTS { natv2PoolNotifiedPortMapEntries,
"This notification is triggered when the value of natv2PoolNotifiedPortMapProtocol }
natv2InstanceAddressMapEntries equals or exceeds the value STATUS current
of the natv2InstanceThresholdAddressMapEntriesHigh object DESCRIPTION
for the NAT instance, unless disabled by setting that "This notification is triggered when an address pool's usage
threshold to 0. Reporting is subject to the rate limitation becomes greater than or equal to the value of the
given by natv2InstanceNotificationInterval. natv2PoolThresholdUsageHigh object for that pool, unless
the notification has been disabled by setting the value of
the threshold to -1. It is reported subject to the rate
limitation specified by natv2PortMapNotificationInterval.
natv2InstanceAddressMapEntries and Address pool usage is calculated as the percentage of the
natv2InstanceAddressMapCreations are members of table total number of ports allocated to the address pool that are
natv2InstanceTable indexed by the identifier of the NAT already in use, for the most-mapped protocol at the time the
instance for which the event is being reported. The values notification is triggered. The two returned objects are
reported are those observed at the moment the notification members of natv2PoolTable indexed by the NAT instance and
was triggered." pool indices for which the event is being reported. They
REFERENCE give the number of port map entries using external addresses
"RFC yyyy Section 3.1.2." configured on the pool for the most-mapped protocol and
::= { natv2MIBNotifications 3 } identify that protocol at the time the notification was
triggered."
REFERENCE
"RFC yyyy Section 3.1.2 and Section 3.3.6."
::= { natv2MIBNotifications 2 }
natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE natv2NotificationInstanceAddressMapEntriesHigh NOTIFICATION-TYPE
OBJECTS { natv2InstancePortMapEntries, OBJECTS { natv2InstanceAddressMapEntries,
natv2InstancePortMapCreations } natv2InstanceAddressMapCreations }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This notification is triggered when the value of "This notification is triggered when the value of
natv2InstancePortMapEntries becomes greater than or equal to natv2InstanceAddressMapEntries equals or exceeds the value
the value of natv2InstanceThresholdPortMapEntriesHigh, of the natv2InstanceThresholdAddressMapEntriesHigh object
unless disabled by setting that threshold to 0. Reporting is for the NAT instance, unless disabled by setting that
subject to the rate limitation given by threshold to -1. Reporting is subject to the rate limitation
natv2InstanceNotificationInterval. given by natv2InstanceNotificationInterval.
natv2InstancePortMapEntries and natv2InstanceAddressMapEntries and
natv2InstancePortMapCreations are members of table natv2InstanceAddressMapCreations are members of table
natv2InstanceTable indexed by the identifier of the NAT natv2InstanceTable indexed by the identifier of the NAT
instance for which the event is being reported. The values instance for which the event is being reported. The values
reported are those observed at the moment the notification reported are those observed at the moment the notification
was triggered." was triggered."
::= { natv2MIBNotifications 4 } REFERENCE
"RFC yyyy Section 3.1.2."
::= { natv2MIBNotifications 3 }
natv2NotificationSubscriberPortMappingEntriesHigh natv2NotificationInstancePortMapEntriesHigh NOTIFICATION-TYPE
NOTIFICATION-TYPE OBJECTS { natv2InstancePortMapEntries,
OBJECTS { natv2SubscriberPortMapEntries, natv2InstancePortMapCreations }
natv2SubscriberPortMapCreations } STATUS current
STATUS current DESCRIPTION
DESCRIPTION "This notification is triggered when the value of
"This notification is triggered when the value of natv2InstancePortMapEntries becomes greater than or equal to
natv2SubscriberPortMapEntries for an individual subscriber the value of natv2InstanceThresholdPortMapEntriesHigh,
becomes greater than or equal to the value of the unless disabled by setting that threshold to -1. Reporting is
natv2SubscriberThresholdPortMapEntriesHigh object for that subject to the rate limitation given by
subscriber, unless disabled by setting that threshold to 0. natv2InstanceNotificationInterval.
Reporting is subject to the rate limitation given by
natv2SubscriberNotificationInterval.
natv2SubscriberPortMapEntries and natv2InstancePortMapEntries and
natv2SubscriberPortMapCreations are members of table natv2InstancePortMapCreations are members of table
natv2SubscriberTable indexed by the subscriber for natv2InstanceTable indexed by the identifier of the NAT
which the event is being reported. The values instance for which the event is being reported. The values
reported are those observed at the moment the notification reported are those observed at the moment the notification
was triggered." was triggered."
::= { natv2MIBNotifications 5 } ::= { natv2MIBNotifications 4 }
-- Device-level objects natv2NotificationSubscriberPortMappingEntriesHigh
NOTIFICATION-TYPE
OBJECTS { natv2SubscriberPortMapEntries,
natv2SubscriberPortMapCreations }
STATUS current
DESCRIPTION
"This notification is triggered when the value of
natv2SubscriberPortMapEntries for an individual subscriber
becomes greater than or equal to the value of the
natv2SubscriberThresholdPortMapEntriesHigh object for that
subscriber, unless disabled by setting that threshold to -1.
natv2MIBDeviceObjects OBJECT IDENTIFIER ::= { natv2MIB 1 } Reporting is subject to the rate limitation given by
natv2SubscriberNotificationInterval.
-- subscriber table natv2SubscriberPortMapEntries and
natv2SubscriberPortMapCreations are members of table
natv2SubscriberTable indexed by the subscriber for
which the event is being reported. The values
reported are those observed at the moment the notification
was triggered."
::= { natv2MIBNotifications 5 }
natv2SubscriberTable OBJECT-TYPE -- Device-level objects
SYNTAX SEQUENCE OF Natv2SubscriberEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of subscribers. As well as the subscriber index, it
provides per-subscriber state and counter objects, a last
discontinuity time object for the counters, and writable
threshold value and limit on port consumption."
REFERENCE
"RFC yyyy Section 3.3.3."
::= { natv2MIBDeviceObjects 1 }
natv2SubscriberEntry OBJECT-TYPE natv2MIBDeviceObjects OBJECT IDENTIFIER ::= { natv2MIB 1 }
SYNTAX Natv2SubscriberEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry describes a single subscriber."
INDEX { natv2SubscriberIndex }
::= { natv2SubscriberTable 1 }
Natv2SubscriberEntry ::= -- subscriber table
SEQUENCE {
natv2SubscriberIndex Natv2SubscriberIndex,
natv2SubscriberInternalRealm SnmpAdminString,
natv2SubscriberInternalPrefixType InetAddressType,
natv2SubscriberInternalPrefix InetAddress,
natv2SubscriberInternalPrefixLength InetAddressPrefixLength,
-- State
natv2SubscriberAddressMapEntries Unsigned32,
natv2SubscriberPortMapEntries Unsigned32,
-- Counters and last discontinuity time
natv2SubscriberTranslations Counter64,
natv2SubscriberAddressMapCreations Counter64,
natv2SubscriberPortMapCreations Counter64,
natv2SubscriberAddressMapFailureDrops Counter64,
natv2SubscriberPortMapFailureDrops Counter64,
natv2SubscriberDiscontinuityTime TimeStamp,
-- Read-write controls
natv2SubscriberLimitPortMapEntries Unsigned32,
-- Disable limit by setting to 0 (default)
natv2SubscriberThresholdPortMapEntriesHigh Unsigned32,
-- Disable notifications by setting threshold to 0 (default)
natv2SubscriberNotificationInterval Unsigned32
-- Default is 60 seconds
}
natv2SubscriberIndex OBJECT-TYPE natv2SubscriberTable OBJECT-TYPE
SYNTAX Natv2SubscriberIndex SYNTAX SEQUENCE OF Natv2SubscriberEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A unique value, greater than zero, for each subscriber "Table of subscribers. As well as the subscriber index, it
in the managed system. The value for each provides per-subscriber state and counter objects, a last
subscriber MUST remain constant at least from one discontinuity time object for the counters, and writable
update of the entity's natv2SubscriberDiscontinuityTime threshold value and limit on port consumption."
object until the next update of that object. If a REFERENCE
subscriber is deleted, its assigned index value MUST NOT "RFC yyyy Section 3.3.3."
be assigned to another subscriber at least until ::= { natv2MIBDeviceObjects 1 }
reinitialization of the entity's management system."
::= { natv2SubscriberEntry 1 }
-- Configuration for this subscriber: realm, internal address(es) natv2SubscriberEntry OBJECT-TYPE
SYNTAX Natv2SubscriberEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry describes a single subscriber."
INDEX { natv2SubscriberIndex }
::= { natv2SubscriberTable 1 }
natv2SubscriberInternalRealm OBJECT-TYPE Natv2SubscriberEntry ::=
SYNTAX SnmpAdminString (SIZE(0..32)) SEQUENCE {
MAX-ACCESS read-only natv2SubscriberIndex Natv2SubscriberIndex,
STATUS current natv2SubscriberInternalRealm SnmpAdminString,
DESCRIPTION natv2SubscriberInternalPrefixType InetAddressType,
"The address realm to which this subscriber belongs. A realm natv2SubscriberInternalPrefix InetAddress,
defines an address space. All NATs support at least two natv2SubscriberInternalPrefixLength InetAddressPrefixLength,
realms. -- State
natv2SubscriberAddressMapEntries Unsigned32,
natv2SubscriberPortMapEntries Unsigned32,
-- Counters and last discontinuity time
natv2SubscriberTranslations Counter64,
natv2SubscriberAddressMapCreations Counter64,
natv2SubscriberPortMapCreations Counter64,
natv2SubscriberAddressMapFailureDrops Counter64,
natv2SubscriberPortMapFailureDrops Counter64,
natv2SubscriberDiscontinuityTime TimeStamp,
-- Read-write controls
natv2SubscriberLimitPortMapEntries Unsigned32,
-- Disable notifications by setting threshold to -1
natv2SubscriberThresholdPortMapEntriesHigh Integer32,
-- Disable limit by setting to 0
natv2SubscriberNotificationInterval Unsigned32
}
The default realm for subscribers is 'internal'. natv2SubscriberIndex OBJECT-TYPE
Administrators can set other values for individual SYNTAX Natv2SubscriberIndex
subscribers when they are configured. The administrator MAY MAX-ACCESS not-accessible
configure a new value of natv2SubscriberRealm at any time STATUS current
subsequent to initial configuration of the subscriber. If DESCRIPTION
this happens, it MUST be treated as a point of discontinuity "A unique value, greater than zero, for each subscriber
requiring an update of natv2SubscriberDiscontinuityTime. in the managed system. The value for each
subscriber MUST remain constant at least from one
update of the entity's natv2SubscriberDiscontinuityTime
object until the next update of that object. If a
subscriber is deleted, its assigned index value MUST NOT
be assigned to another subscriber at least until
reinitialization of the entity's management system."
::= { natv2SubscriberEntry 1 }
When the subscriber sends a packet to the NAT through a -- Configuration for this subscriber: realm, internal address(es)
DS-Lite [RFC 6333] tunnel, this is the realm of the outer
packet header source address. Other tunneled access is out
of scope."
REFERENCE
"Address realm: RFC 2663. DS-Lite: RFC 6333."
DEFVAL
{ "internal" }
::= { natv2SubscriberEntry 2 }
natv2SubscriberInternalPrefixType OBJECT-TYPE natv2SubscriberInternalRealm OBJECT-TYPE
SYNTAX InetAddressType SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Subscriber's internal prefix type. Any value other than "The address realm to which this subscriber belongs. A realm
ipv4(1) or ipv6(2) would be unexpected. In the case of defines an address space. All NATs support at least two
DS-Lite access, this is the prefix type (IPv6(2)) used in realms.
the outer packet header."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2SubscriberEntry 3 }
natv2SubscriberInternalPrefix OBJECT-TYPE The default realm for subscribers is 'internal'.
SYNTAX InetAddress Administrators can set other values for individual
MAX-ACCESS read-only subscribers when they are configured. The administrator MAY
STATUS current configure a new value of natv2SubscriberRealm at any time
DESCRIPTION subsequent to initial configuration of the subscriber. If
"Prefix assigned to a subscriber's CPE. Source addresses of this happens, it MUST be treated as a point of discontinuity
packets outgoing from the subscriber will be contained requiring an update of natv2SubscriberDiscontinuityTime.
within this prefix. In the case of DS-Lite access,
the source address taken from the prefix will be
that of the outer header."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2SubscriberEntry 4 }
natv2SubscriberInternalPrefixLength OBJECT-TYPE When the subscriber sends a packet to the NAT through a
SYNTAX InetAddressPrefixLength DS-Lite [RFC 6333] tunnel, this is the realm of the outer
MAX-ACCESS read-only packet header source address. Other tunneled access is out
STATUS current of scope."
DESCRIPTION REFERENCE
"Length of the prefix assigned to a subscriber's CPE, in "Address realm: RFC 2663. DS-Lite: RFC 6333."
bits. If a single address is assigned, this will be 32 DEFVAL
for IPv4 and 128 for IPv6." { "internal" }
::= { natv2SubscriberEntry 5 } ::= { natv2SubscriberEntry 2 }
-- State objects natv2SubscriberInternalPrefixType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subscriber's internal prefix type. Any value other than
ipv4(1) or ipv6(2) would be unexpected. In the case of
DS-Lite access, this is the prefix type (IPv6(2)) used in
the outer packet header."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2SubscriberEntry 3 }
natv2SubscriberAddressMapEntries OBJECT-TYPE natv2SubscriberInternalPrefix OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of address map entries for the "Prefix assigned to a subscriber's CPE. Source addresses of
subscriber, including static mappings. An address map entry packets outgoing from the subscriber will be contained
maps from a given internal address and realm to an external within this prefix. In the case of DS-Lite access,
address in a particular external realm. This definition the source address taken from the prefix will be
includes 'hairpin' mappings, where the external realm is the that of the outer header."
same as the internal one. Address map entries are also REFERENCE
tracked per instance and per address pool within the "DS-Lite: RFC 6333."
instance." ::= { natv2SubscriberEntry 4 }
REFERENCE
"RFC yyyy Section 3.3.8."
::= { natv2SubscriberEntry 6 }
natv2SubscriberPortMapEntries OBJECT-TYPE natv2SubscriberInternalPrefixLength OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of port map entries in the port map table "Length of the prefix assigned to a subscriber's CPE, in
for the subscriber, including static mappings. A port map bits. If a single address is assigned, this will be 32
entry maps from a given external realm, address, and port for IPv4 and 128 for IPv6."
for a given protocol to an internal realm, address, and
port. This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Port map
entries are also tracked per instance and per protocol and
address pool within the instance."
REFERENCE
"RFC yyyy Section 3.3.9."
::= { natv2SubscriberEntry 7 }
-- Counters and last discontinuity time ::= { natv2SubscriberEntry 5 }
natv2SubscriberTranslations OBJECT-TYPE -- State objects
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of translated packets received from or
sent to this subscriber. This value MUST be monotone
increasing in the periods between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 8 }
natv2SubscriberAddressMapCreations OBJECT-TYPE natv2SubscriberAddressMapEntries OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of address map entries created for "The current number of address map entries for the
this subscriber, including static mappings. Address map subscriber, including static mappings. An address map entry
entries are also tracked per instance and per protocol and maps from a given internal address and realm to an external
address pool within the instance. address in a particular external realm. This definition
includes 'hairpin' mappings, where the external realm is the
same as the internal one. Address map entries are also
tracked per instance and per address pool within the
instance."
REFERENCE
"RFC yyyy Section 3.3.8."
::= { natv2SubscriberEntry 6 }
This value MUST be monotone increasing in natv2SubscriberPortMapEntries OBJECT-TYPE
the periods between updates of the entity's SYNTAX Unsigned32
natv2SubscriberDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The current number of port map entries in the port map table
before the new value of natv2SubscriberDiscontinuityTime." for the subscriber, including static mappings. A port map
::= { natv2SubscriberEntry 9 } entry maps from a given external realm, address, and port
for a given protocol to an internal realm, address, and
port. This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Port map
entries are also tracked per instance and per protocol and
address pool within the instance."
REFERENCE
"RFC yyyy Section 3.3.9."
::= { natv2SubscriberEntry 7 }
natv2SubscriberPortMapCreations OBJECT-TYPE -- Counters and last discontinuity time
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of port map entries created for this
subscriber, including static mappings. Port map entries are
also tracked per instance and per protocol and address pool
within the instance.
This value MUST be monotone increasing in the periods natv2SubscriberTranslations OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2SubscriberDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of translated packets received from or
before the new value of natv2SubscriberDiscontinuityTime." sent to this subscriber. This value MUST be monotone
::= { natv2SubscriberEntry 10 } increasing in the periods between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 8 }
natv2SubscriberAddressMapFailureDrops OBJECT-TYPE natv2SubscriberAddressMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets originated by this "The cumulative number of address map entries created for
subscriber that were dropped because the packet would have this subscriber, including static mappings. Address map
triggered the creation of a new address map entry, but no entries are also tracked per instance and per protocol and
address could be allocated in the selected external realm address pool within the instance.
because all addresses from the selected address pool (or the
whole realm, if no address pool has been configured for that
realm) have already been fully allocated.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in
between updates of the entity's the periods between updates of the entity's
natv2SubscriberDiscontinuityTime. If a manager detects a natv2SubscriberDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime." before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 11 } ::= { natv2SubscriberEntry 9 }
natv2SubscriberPortMapFailureDrops OBJECT-TYPE natv2SubscriberPortMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the "The cumulative number of port map entries created for this
packet would have triggered the creation of a new subscriber, including static mappings. Port map entries are
port mapping, but no port could be allocated for the also tracked per instance and per protocol and address pool
protocol concerned. The usual case for this will be within the instance.
for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance supports address pooling but its This value MUST be monotone increasing in the periods
pooling behavior is 'arbitrary' (meaning that between updates of the entity's
the NAT instance can allocate a new port mapping for natv2SubscriberDiscontinuityTime. If a manager detects a
the given internal endpoint on any address in the change in the latter since the last time it sampled this
selected address pool and is not bound to what it has counter, it SHOULD NOT make use of the difference between
already mapped for that endpoint), then this counter the latest value of the counter and any value retrieved
is incremented when all ports for the protocol concerned before the new value of natv2SubscriberDiscontinuityTime."
over the whole of the selected address pool are already ::= { natv2SubscriberEntry 10 }
in use.
As a third case, if no address pools have been configured natv2SubscriberAddressMapFailureDrops OBJECT-TYPE
for the external realm concerned, then this counter is SYNTAX Counter64
incremented because all ports for the protocol involved over MAX-ACCESS read-only
the whole set of addresses available for that external realm STATUS current
are already in use. DESCRIPTION
"The cumulative number of packets originated by this
subscriber that were dropped because the packet would have
triggered the creation of a new address map entry, but no
address could be allocated in the selected external realm
because all addresses from the selected address pool (or the
whole realm, if no address pool has been configured for that
realm) have already been fully allocated.
Finally, this counter is incremented if the packet would This value MUST be monotone increasing in the periods
have triggered the creation of a new port mapping, but the between updates of the entity's
current value of natv2SubscriberPortMapEntries equals or natv2SubscriberDiscontinuityTime. If a manager detects a
exceeds the value of natv2SubscriberLimitPortMapEntries change in the latter since the last time it sampled this
for this subscriber (unless that limit is disabled). counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2SubscriberDiscontinuityTime."
::= { natv2SubscriberEntry 11 }
This value MUST be monotone increasing in the periods natv2SubscriberPortMapFailureDrops OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2SubscriberDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped because the
before the new value of natv2SubscriberDiscontinuityTime." packet would have triggered the creation of a new
REFERENCE port mapping, but no port could be allocated for the
"Pooling behavior: RFC 4787, end of section 4.1." protocol concerned. The usual case for this will be
::= { natv2SubscriberEntry 12 } for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
natv2SubscriberDiscontinuityTime OBJECT-TYPE If the NAT instance supports address pooling but its
SYNTAX TimeStamp pooling behavior is 'arbitrary' (meaning that
MAX-ACCESS read-only the NAT instance can allocate a new port mapping for
STATUS current the given internal endpoint on any address in the
DESCRIPTION selected address pool and is not bound to what it has
"Snapshot of the value of the sysUpTime object at the already mapped for that endpoint), then this counter
beginning of the latest period of continuity of the is incremented when all ports for the protocol concerned
statistical counters associated with this subscriber." over the whole of the selected address pool are already
::= { natv2SubscriberEntry 14 } in use.
-- Per-subscriber limit and threshold on port mappings As a third case, if no address pools have been configured
-- Disabled if set to zero for the external realm concerned, then this counter is
natv2SubscriberLimitPortMapEntries OBJECT-TYPE incremented because all ports for the protocol involved over
SYNTAX Unsigned32 the whole set of addresses available for that external realm
MAX-ACCESS read-write are already in use.
STATUS current
DESCRIPTION
"Limit on total number of port mappings active for this
subscriber (natv2SubscriberPortMapEntries). Once this limit
is reached, packets that might have triggered new port
mappings are dropped. The number of such packets dropped is
counted in natv2InstancePortMapFailureDrops.
Limit is disabled if set to zero (default)." Finally, this counter is incremented if the packet would
DEFVAL have triggered the creation of a new port mapping, but the
{ 0 } current value of natv2SubscriberPortMapEntries equals or
::= { natv2SubscriberEntry 15 } exceeds the value of natv2SubscriberLimitPortMapEntries
for this subscriber (unless that limit is disabled).
natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Unsigned32 between updates of the entity's
MAX-ACCESS read-write natv2SubscriberDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"Notification threshold for total number of port mappings the latest value of the counter and any value retrieved
active for this subscriber. Whenever before the new value of natv2SubscriberDiscontinuityTime."
natv2SubscriberPortMapEntries is updated, if it equals or REFERENCE
exceeds natv2SubscriberThresholdPortMapEntriesHigh, the "Pooling behavior: RFC 4787, end of section 4.1."
notification ::= { natv2SubscriberEntry 12 }
natv2NotificationSubscriberPortMappingEntriesHigh is
triggered, unless the notification is disabled by setting
the threshold to 0. Reporting is subject to the minimum
inter-notification interval given by
natv2SubscriberNotificationInterval. If multiple
notifications are triggered during one interval, the agent
MUST report only the one containing the highest value of
natv2SubscriberPortMapEntries and discard the others."
DEFVAL
{ 0 }
::= { natv2SubscriberEntry 16 }
natv2SubscriberNotificationInterval OBJECT-TYPE natv2SubscriberDiscontinuityTime OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX TimeStamp
UNITS MAX-ACCESS read-only
"Seconds" STATUS current
MAX-ACCESS read-write DESCRIPTION
STATUS current "Snapshot of the value of the sysUpTime object at the
DESCRIPTION beginning of the latest period of continuity of the
"Minimum number of seconds (default 60) between successive statistical counters associated with this subscriber."
reporting of notifications for this subscriber. Controls the ::= { natv2SubscriberEntry 14 }
reporting of
natv2NotificationSubscriberPortMappingEntriesHigh."
DEFVAL
{ 60 }
::= { natv2SubscriberEntry 17 }
-- Per-NAT-instance objects -- Per-subscriber limit and threshold on port mappings
-- Disabled if set to zero
natv2SubscriberLimitPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on total number of port mappings active for this
subscriber (natv2SubscriberPortMapEntries). Once this limit
is reached, packets that might have triggered new port
mappings are dropped. The number of such packets dropped is
counted in natv2InstancePortMapFailureDrops.
natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 } Limit is disabled if set to zero."
-- Instance table DEFVAL
{ 0 }
::= { natv2SubscriberEntry 15 }
natv2InstanceTable OBJECT-TYPE natv2SubscriberThresholdPortMapEntriesHigh OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2InstanceEntry SYNTAX Integer32
MAX-ACCESS not-accessible MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of NAT instances. As well as state and counter "Notification threshold for total number of port mappings
objects, it provides the instance index, instance name, and active for this subscriber. Whenever
the last discontinuity time object which is applicable to natv2SubscriberPortMapEntries is updated, if it equals or
the counters. It also contains writable thresholds for exceeds natv2SubscriberThresholdPortMapEntriesHigh, the
reporting of notifications and limits on usage of resources notification
at the level of the NAT instance. natv2NotificationSubscriberPortMappingEntriesHigh is
triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by
natv2SubscriberNotificationInterval. If multiple
notifications are triggered during one interval, the agent
MUST report only the one containing the highest value of
natv2SubscriberPortMapEntries and discard the others."
DEFVAL
{ -1 }
::= { natv2SubscriberEntry 16 }
It is assumed that NAT instances can be created and deleted natv2SubscriberNotificationInterval OBJECT-TYPE
dynamically, but this MIB module does not provide the means SYNTAX Unsigned32 (1..3600)
to do so. For restrictions on assignment and maintenance of UNITS
the NAT index instance see the description of "Seconds"
natv2InstanceIndex in the table below. For the requirements MAX-ACCESS read-write
on maintenance of the values of the counters in this table STATUS current
see the description of natv2InstanceDiscontinuityTime in DESCRIPTION
this table. "Minimum number of seconds between successive
reporting of notifications for this subscriber. Controls the
reporting of
natv2NotificationSubscriberPortMappingEntriesHigh."
DEFVAL
{ 60 }
::= { natv2SubscriberEntry 17 }
Each NAT instance has its own resources and behavior. The -- Per-NAT-instance objects
resources include memory as reflected in space for map
entries, processing power as reflected in the rate of map
creation and deletion, and mappable addresses in each realm
that can play the role of an external realm for at least
some mappings for that instance. The NAT instance table
includes limits and notification thresholds that relate to
memory usage for mapping at the level of the whole instance.
The limit on number of subscribers with active mappings is a
limit to some extent on processor usage.
The mappable 'external' addresses may or may not be natv2MIBInstanceObjects OBJECT IDENTIFIER ::= { natv2MIB 2 }
organized into address pools. For a definition of address
pools see the description of natv2PoolTable. If the instance
does support address pools, it also has a pooling behavior.
Mapping, filtering, and pooling behavior are defined in the
descriptions of the natv2InstancePortMappingBehavior,
natv2InstanceFilteringBehavior, and
natv2InstancePoolingBehavior objects in this table. The
instance also has a fragmentation behavior, defined in the
description of the natv2InstanceFragmentBehavior object."
REFERENCE
"RFC yyyy Section 3.3.4. NAT behaviors: RFC 4787
(primary, UDP); RFC 5382 (TCP), RFC 5508 (ICMP), RFC5597
(DCCP)."
::= { natv2MIBInstanceObjects 1 } -- Instance table
natv2InstanceEntry OBJECT-TYPE natv2InstanceTable OBJECT-TYPE
SYNTAX Natv2InstanceEntry SYNTAX SEQUENCE OF Natv2InstanceEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Objects related to a single NAT instance." "Table of NAT instances. As well as state and counter
INDEX { natv2InstanceIndex } objects, it provides the instance index, instance name, and
::= { natv2InstanceTable 1 } the last discontinuity time object which is applicable to
the counters. It also contains writable thresholds for
reporting of notifications and limits on usage of resources
at the level of the NAT instance.
Natv2InstanceEntry ::= It is assumed that NAT instances can be created and deleted
SEQUENCE { dynamically, but this MIB module does not provide the means
natv2InstanceIndex Natv2InstanceIndex, to do so. For restrictions on assignment and maintenance of
natv2InstanceAlias DisplayString, the NAT index instance see the description of
-- Configured behaviors natv2InstanceIndex in the table below. For the requirements
natv2InstancePortMappingBehavior INTEGER, on maintenance of the values of the counters in this table
natv2InstanceFilteringBehavior INTEGER, see the description of natv2InstanceDiscontinuityTime in
natv2InstancePoolingBehavior INTEGER, this table.
natv2InstanceFragmentBehavior INTEGER,
-- State
natv2InstanceAddressMapEntries Unsigned32,
natv2InstancePortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2InstanceTranslations Counter64,
natv2InstanceAddressMapCreations Counter64,
natv2InstancePortMapCreations Counter64,
natv2InstanceAddressMapEntryLimitDrops Counter64,
natv2InstancePortMapEntryLimitDrops Counter64,
natv2InstanceSubscriberActiveLimitDrops Counter64,
natv2InstanceAddressMapFailureDrops Counter64,
natv2InstancePortMapFailureDrops Counter64,
natv2InstanceFragmentDrops Counter64,
natv2InstanceOtherResourceFailureDrops Counter64,
natv2InstanceDiscontinuityTime TimeStamp,
-- Notification thresholds, disabled if set to 0
natv2InstanceThresholdAddressMapEntriesHigh Unsigned32,
natv2InstanceThresholdPortMapEntriesHigh Unsigned32,
natv2InstanceNotificationInterval Unsigned32,
-- Limits, disabled if set to 0
natv2InstanceLimitAddressMapEntries Unsigned32,
natv2InstanceLimitPortMapEntries Unsigned32,
natv2InstanceLimitPendingFragments Unsigned32,
natv2InstanceLimitSubscriberActives Unsigned32
}
natv2InstanceIndex OBJECT-TYPE Each NAT instance has its own resources and behavior. The
SYNTAX Natv2InstanceIndex resources include memory as reflected in space for map
MAX-ACCESS not-accessible entries, processing power as reflected in the rate of map
STATUS current creation and deletion, and mappable addresses in each realm
DESCRIPTION that can play the role of an external realm for at least
"NAT instance index. It is up to the implementation to some mappings for that instance. The NAT instance table
determine which values correspond to in-service NAT includes limits and notification thresholds that relate to
instances. This object is used as an index for all tables memory usage for mapping at the level of the whole instance.
defined below." The limit on number of subscribers with active mappings is a
::= { natv2InstanceEntry 1 } limit to some extent on processor usage.
natv2InstanceAlias OBJECT-TYPE The mappable 'external' addresses may or may not be
SYNTAX DisplayString (SIZE (0..64)) organized into address pools. For a definition of address
MAX-ACCESS read-only pools see the description of natv2PoolTable. If the instance
STATUS current does support address pools, it also has a pooling behavior.
DESCRIPTION Mapping, filtering, and pooling behavior are defined in the
"This object is an 'alias' name for the NAT instance as descriptions of the natv2InstancePortMappingBehavior,
specified by a network manager, and provides a non-volatile natv2InstanceFilteringBehavior, and
'handle' for the instance. natv2InstancePoolingBehavior objects in this table. The
instance also has a fragmentation behavior, defined in the
description of the natv2InstanceFragmentBehavior object."
REFERENCE
"RFC yyyy Section 3.3.4. NAT behaviors: RFC 4787
(primary, UDP); RFC 5382 (TCP), RFC 5508 (ICMP), RFC5597
(DCCP)."
::= { natv2MIBInstanceObjects 1 }
An example of the value which a network manager might store natv2InstanceEntry OBJECT-TYPE
in this object for a NAT instance is the name/identifier of SYNTAX Natv2InstanceEntry
the interface that brings in internal traffic for this NAT MAX-ACCESS not-accessible
instance or the name of the VRF for internal traffic." STATUS current
::= { natv2InstanceEntry 2 } DESCRIPTION
"Objects related to a single NAT instance."
INDEX { natv2InstanceIndex }
::= { natv2InstanceTable 1 }
-- Configured behaviors Natv2InstanceEntry ::=
SEQUENCE {
natv2InstanceIndex Natv2InstanceIndex,
natv2InstanceAlias DisplayString,
-- Configured behaviors
natv2InstancePortMappingBehavior INTEGER,
natv2InstanceFilteringBehavior INTEGER,
natv2InstancePoolingBehavior INTEGER,
natv2InstanceFragmentBehavior INTEGER,
-- State
natv2InstanceAddressMapEntries Unsigned32,
natv2InstancePortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2InstanceTranslations Counter64,
natv2InstanceAddressMapCreations Counter64,
natv2InstancePortMapCreations Counter64,
natv2InstanceAddressMapEntryLimitDrops Counter64,
natv2InstancePortMapEntryLimitDrops Counter64,
natv2InstanceSubscriberActiveLimitDrops Counter64,
natv2InstanceAddressMapFailureDrops Counter64,
natv2InstancePortMapFailureDrops Counter64,
natv2InstanceFragmentDrops Counter64,
natv2InstanceOtherResourceFailureDrops Counter64,
natv2InstanceDiscontinuityTime TimeStamp,
-- Notification thresholds, disabled if set to -1
natv2InstanceThresholdAddressMapEntriesHigh Integer32,
natv2InstanceThresholdPortMapEntriesHigh Integer32,
natv2InstanceNotificationInterval Unsigned32,
-- Limits, disabled if set to 0
natv2InstanceLimitAddressMapEntries Unsigned32,
natv2InstanceLimitPortMapEntries Unsigned32,
natv2InstanceLimitPendingFragments Unsigned32,
natv2InstanceLimitSubscriberActives Unsigned32
}
natv2InstancePortMappingBehavior OBJECT-TYPE natv2InstanceIndex OBJECT-TYPE
SYNTAX INTEGER { SYNTAX Natv2InstanceIndex
endpointIndependent (0), MAX-ACCESS not-accessible
addressDependent (1), STATUS current
addressAndPortDependent (2) DESCRIPTION
} "NAT instance index. It is up to the implementation to
MAX-ACCESS read-only determine which values correspond to in-service NAT
STATUS current instances. This object is used as an index for all tables
DESCRIPTION defined below."
"Port mapping behavior is the policy governing selection of ::= { natv2InstanceEntry 1 }
external address and port in a given realm for a given
five-tuple of source address and port, destination address
and port, and protocol.
endpointIndependent(0), the behavior REQUIRED by RFC 4787 natv2InstanceAlias OBJECT-TYPE
REQ-1, maps the source address and port to the same SYNTAX DisplayString (SIZE (0..64))
external address and port for all destination address and MAX-ACCESS read-only
port combinations reached through the same external realm STATUS current
and using the given protocol. DESCRIPTION
"This object is an 'alias' name for the NAT instance as
specified by a network manager, and provides a non-volatile
'handle' for the instance.
addressDependent(1) maps to the same external address and An example of the value which a network manager might store
port for all destination ports at the same destination in this object for a NAT instance is the name/identifier of
address reached through the same external realm and using the interface that brings in internal traffic for this NAT
the given protocol. instance or the name of the VRF for internal traffic."
::= { natv2InstanceEntry 2 }
addressAndPortDependent(2) maps to a separate external -- Configured behaviors
address and port combination for each different
destination address and port combination reached through
the same external realm."
REFERENCE
"RFC 4787 section 4.1."
::= { natv2InstanceEntry 3 }
natv2InstanceFilteringBehavior OBJECT-TYPE natv2InstancePortMappingBehavior OBJECT-TYPE
SYNTAX INTEGER { SYNTAX INTEGER {
endpointIndependent (0), endpointIndependent (0),
addressDependent (1), addressDependent (1),
addressAndPortDependent (2) addressAndPortDependent (2)
} }
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Filtering behavior is the policy governing acceptance or "Port mapping behavior is the policy governing selection of
dropping of packets incoming from remote sources via a external address and port in a given realm for a given
given external realm and destined to a specific three-tuple five-tuple of source address and port, destination address
of external address, port, and protocol at the NAT instance and port, and protocol.
that has been assigned in a port mapping.
endpointIndependent(0) accepts for translation packets from endpointIndependent(0), the behavior REQUIRED by RFC 4787
all combinations of remote address and port destined to the REQ-1, maps the source address and port to the same
mapped external address and port via the given external external address and port for all destination address and
realm and using the given protocol. port combinations reached through the same external realm
and using the given protocol.
addressDependent(1) accepts for translation packets from all addressDependent(1) maps to the same external address and
remote ports from the same remote source address destined to port for all destination ports at the same destination
the mapped external address and port via the given external address reached through the same external realm and using
realm and using the given protocol. the given protocol.
addressAndPortDependent(2) accepts for translation only addressAndPortDependent(2) maps to a separate external
those packets with the same remote source address, port, and address and port combination for each different
protocol incoming from the same external realm as identified destination address and port combination reached through
when the applicable port map entry was created. the same external realm."
REFERENCE
"RFC 4787 section 4.1."
::= { natv2InstanceEntry 3 }
RFC 4787 REQ-8 recommends either endpointIndependent(0) or natv2InstanceFilteringBehavior OBJECT-TYPE
addressDependent(1) filtering behavior depending on whether SYNTAX INTEGER {
application-friendliness or security takes priority." endpointIndependent (0),
REFERENCE addressDependent (1),
"RFC 4787 section 5." addressAndPortDependent (2)
::= { natv2InstanceEntry 4 } }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Filtering behavior is the policy governing acceptance or
dropping of packets incoming from remote sources via a
given external realm and destined to a specific three-tuple
of external address, port, and protocol at the NAT instance
that has been assigned in a port mapping.
natv2InstancePoolingBehavior OBJECT-TYPE endpointIndependent(0) accepts for translation packets from
SYNTAX INTEGER { all combinations of remote address and port destined to the
arbitrary (0), mapped external address and port via the given external
paired (1) realm and using the given protocol.
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Pooling behavior is the policy used to select the address
for a new port mapping within a given address pool to which
the internal address has already been mapped.
arbitrary(0) pooling behavior means that the NAT instance addressDependent(1) accepts for translation packets from all
may create the new port mapping using any address in the remote ports from the same remote source address destined to
pool that has a free port for the protocol concerned. the mapped external address and port via the given external
realm and using the given protocol.
paired(1) pooling behavior, the behavior RECOMMENDED by RFC addressAndPortDependent(2) accepts for translation only
4787 REQ-2, means that once a given internal address has those packets with the same remote source address, port, and
been mapped to a particular address in a particular pool, protocol incoming from the same external realm as identified
further mappings of the same internal address to that pool when the applicable port map entry was created.
will reuse the previously assigned pool member address."
REFERENCE
"RFC 4787 near the end of section 4.1"
::= { natv2InstanceEntry 5 }
natv2InstanceFragmentBehavior OBJECT-TYPE RFC 4787 REQ-8 recommends either endpointIndependent(0) or
SYNTAX INTEGER { addressDependent(1) filtering behavior depending on whether
fragmentNone (0), application-friendliness or security takes priority."
fragmentInOrder (1), REFERENCE
fragmentOutOfOrder (2) "RFC 4787 section 5."
} ::= { natv2InstanceEntry 4 }
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Fragment behavior is the NAT instance's capability to
receive and translate fragments incoming from remote
sources.
fragmentNone(0) implies no capability to translate incoming natv2InstancePoolingBehavior OBJECT-TYPE
fragments, so all received fragments are dropped. Each SYNTAX INTEGER {
dropped fragment is counted in natv2InstanceFragmentDrops. arbitrary (0),
paired (1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Pooling behavior is the policy used to select the address
for a new port mapping within a given address pool to which
the internal address has already been mapped.
fragmentInOrder(1) implies the ability to translate arbitrary(0) pooling behavior means that the NAT instance
fragments only if they are received in order, so that in may create the new port mapping using any address in the
particular the header is in the first packet. If a fragment pool that has a free port for the protocol concerned.
is received out of order, it is dropped and counted in
natv2InstanceFragmentDrops.
fragmentOutOfOrder(2), the capability REQUIRED by RFC 4787 paired(1) pooling behavior, the behavior RECOMMENDED by RFC
REQ-14, implies the capability to translate fragments even 4787 REQ-2, means that once a given internal address has
when they arrive out of order, subject to a protective been mapped to a particular address in a particular pool,
limit natv2InstanceLimitPendingFragments on total number of further mappings of the same internal address to that pool
fragments awaiting the first fragment of the chain. If the will reuse the previously assigned pool member address."
implementation supports this capability, REFERENCE
natv2InstanceFragmentDrops is incremented only when a new "RFC 4787 near the end of section 4.1"
fragment arrives but is dropped because the limit on pending ::= { natv2InstanceEntry 5 }
fragments has already been reached."
REFERENCE
"RFC 4787 section 11."
::= { natv2InstanceEntry 6 }
-- State natv2InstanceFragmentBehavior OBJECT-TYPE
SYNTAX INTEGER {
fragmentNone (0),
fragmentInOrder (1),
fragmentOutOfOrder (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Fragment behavior is the NAT instance's capability to
receive and translate fragments incoming from remote
sources.
natv2InstanceAddressMapEntries OBJECT-TYPE fragmentNone(0) implies no capability to translate incoming
SYNTAX Unsigned32 fragments, so all received fragments are dropped. Each
MAX-ACCESS read-only dropped fragment is counted in natv2InstanceFragmentDrops.
STATUS current
DESCRIPTION
"The current number of address map entries in total over the
whole NAT instance, including static mappings. An address
map entry maps from a given internal address and realm to an
external address in a particular external realm. This
definition includes 'hairpin' mappings, where the external
realm is the same as the internal one. Address map entries
are also tracked per subscriber and per address pool within
the instance."
REFERENCE
"RFC yyyy Section 3.3.8. RFC 4787 section 6."
::= { natv2InstanceEntry 7 }
natv2InstancePortMapEntries OBJECT-TYPE fragmentInOrder(1) implies the ability to translate
SYNTAX Unsigned32 fragments only if they are received in order, so that in
MAX-ACCESS read-only particular the header is in the first packet. If a fragment
STATUS current is received out of order, it is dropped and counted in
DESCRIPTION natv2InstanceFragmentDrops.
"The current number of entries in the port map table in total
over the whole NAT instance, including static mappings. A
port map entry maps from a given external realm, address,
and port for a given protocol to an internal realm, address,
and port. This definition includes 'hairpin' mappings, where
the external realm is the same as the internal one. Port map
entries are also tracked per subscriber and per protocol and
address pool within the instance."
REFERENCE
"RFC yyyy Section 3.3.9.
Hairpinning: RFC 4787 Section 6."
::= { natv2InstanceEntry 8 } fragmentOutOfOrder(2), the capability REQUIRED by RFC 4787
REQ-14, implies the capability to translate fragments even
when they arrive out of order, subject to a protective
limit natv2InstanceLimitPendingFragments on total number of
fragments awaiting the first fragment of the chain. If the
implementation supports this capability,
natv2InstanceFragmentDrops is incremented only when a new
fragment arrives but is dropped because the limit on pending
fragments has already been reached."
REFERENCE
"RFC 4787 section 11."
::= { natv2InstanceEntry 6 }
-- Statistics -- State
natv2InstanceTranslations OBJECT-TYPE natv2InstanceAddressMapEntries OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of translated packets passing through "The current number of address map entries in total over the
this NAT instance. This value MUST be monotone increasing in whole NAT instance, including static mappings. An address
the periods between updates of map entry maps from a given internal address and realm to an
natv2InstanceDiscontinuityTime. If a manager detects a external address in a particular external realm. This
change in the latter since the last time it sampled this definition includes 'hairpin' mappings, where the external
counter, it SHOULD NOT make use of the difference between realm is the same as the internal one. Address map entries
the latest value of the counter and any value retrieved are also tracked per subscriber and per address pool within
before the new value of natv2InstanceDiscontinuityTime." the instance."
::= { natv2InstanceEntry 9 } REFERENCE
"RFC yyyy Section 3.3.8. RFC 4787 section 6."
::= { natv2InstanceEntry 7 }
natv2InstanceAddressMapCreations OBJECT-TYPE natv2InstancePortMapEntries OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of address map entries created by the "The current number of entries in the port map table in total
NAT instance, including static mappings. Address map over the whole NAT instance, including static mappings. A
creations are also tracked per address pool within the port map entry maps from a given external realm, address,
instance and per subscriber. and port for a given protocol to an internal realm, address,
and port. This definition includes 'hairpin' mappings, where
the external realm is the same as the internal one. Port map
entries are also tracked per subscriber and per protocol and
address pool within the instance."
REFERENCE
"RFC yyyy Section 3.3.9.
Hairpinning: RFC 4787 Section 6."
::= { natv2InstanceEntry 8 }
This value MUST be monotone increasing in -- Statistics
the periods between updates of natv2InstanceTranslations OBJECT-TYPE
natv2InstanceDiscontinuityTime. If a manager detects a SYNTAX Counter64
change in the latter since the last time it sampled this MAX-ACCESS read-only
counter, it SHOULD NOT make use of the difference between STATUS current
the latest value of the counter and any value retrieved DESCRIPTION
before the new value of natv2InstanceDiscontinuityTime." "The cumulative number of translated packets passing through
::= { natv2InstanceEntry 10 } this NAT instance. This value MUST be monotone increasing in
the periods between updates of
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 9 }
natv2InstancePortMapCreations OBJECT-TYPE natv2InstanceAddressMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of port map entries created by the "The cumulative number of address map entries created by the
NAT instance, including static mappings. Port map NAT instance, including static mappings. Address map
creations are also tracked per protocol and address pool creations are also tracked per address pool within the
within the instance and per subscriber. instance and per subscriber.
This value MUST be monotone increasing in This value MUST be monotone increasing in
the periods between updates of the periods between updates of
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 11 } ::= { natv2InstanceEntry 10 }
natv2InstanceAddressMapEntryLimitDrops OBJECT-TYPE natv2InstancePortMapCreations OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped rather than "The cumulative number of port map entries created by the
translated because the packet would have triggered NAT instance, including static mappings. Port map
the creation of a new address map entry but the limit creations are also tracked per protocol and address pool
on number of address map entries for the NAT instance within the instance and per subscriber.
given by natv2InstanceLimitAddressMapEntries has
already been reached.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in
between updates of the entity's the periods between updates of
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 12 } ::= { natv2InstanceEntry 11 }
natv2InstancePortMapEntryLimitDrops OBJECT-TYPE natv2InstanceAddressMapEntryLimitDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped rather than "The cumulative number of packets dropped rather than
translated because the packet would have triggered translated because the packet would have triggered
the creation of a new port map entry but the limit the creation of a new address map entry but the limit
on number of port map entries for the NAT instance on number of address map entries for the NAT instance
given by natv2InstanceLimitPortMapEntries has given by natv2InstanceLimitAddressMapEntries has
already been reached. already been reached.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 13 } ::= { natv2InstanceEntry 12 }
natv2InstanceSubscriberActiveLimitDrops OBJECT-TYPE natv2InstancePortMapEntryLimitDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped rather than "The cumulative number of packets dropped rather than
translated because the packet would have triggered the translated because the packet would have triggered
creation of a new mapping for a subscriber with no other the creation of a new port map entry but the limit
active mappings, but the limit on number of active on number of port map entries for the NAT instance
subscribers for the NAT instance given by given by natv2InstanceLimitPortMapEntries has
natv2InstanceLimitSubscriberActives has already been already been reached.
reached.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 14 } ::= { natv2InstanceEntry 13 }
natv2InstanceAddressMapFailureDrops OBJECT-TYPE natv2InstanceSubscriberActiveLimitDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the packet "The cumulative number of packets dropped rather than
would have triggered the creation of a new address map translated because the packet would have triggered the
entry, but no address could be allocated in the selected creation of a new mapping for a subscriber with no other
external realm because all addresses from the selected active mappings, but the limit on number of active
address pool (or the whole realm, if no address pool has subscribers for the NAT instance given by
been configured for that realm) have already been fully natv2InstanceLimitSubscriberActives has already been
allocated. reached.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 15 } ::= { natv2InstanceEntry 14 }
natv2InstancePortMapFailureDrops OBJECT-TYPE natv2InstanceAddressMapFailureDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because the "The cumulative number of packets dropped because the packet
packet would have triggered the creation of a new would have triggered the creation of a new address map
port map entry, but no port could be allocated for the entry, but no address could be allocated in the selected
protocol concerned. The usual case for this will be external realm because all addresses from the selected
for a NAT instance that supports address pooling and address pool (or the whole realm, if no address pool has
the 'paired' pooling behavior recommended by RFC 4787, been configured for that realm) have already been fully
where the internal endpoint has used up all of the allocated.
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance supports address pooling but its This value MUST be monotone increasing in the periods
pooling behavior is 'arbitrary' (meaning that between updates of the entity's
the NAT instance can allocate a new port mapping for natv2InstanceDiscontinuityTime. If a manager detects a
the given internal endpoint on any address in the change in the latter since the last time it sampled this
selected address pool and is not bound to what it has counter, it SHOULD NOT make use of the difference between
already mapped for that endpoint), then this counter the latest value of the counter and any value retrieved
is incremented when all ports for the protocol concerned before the new value of natv2InstanceDiscontinuityTime."
over the whole of the selected address pool are already ::= { natv2InstanceEntry 15 }
in use.
Finally, if no address pools have been configured for the natv2InstancePortMapFailureDrops OBJECT-TYPE
external realm concerned, then this counter is incremented SYNTAX Counter64
because all ports for the protocol involved over the whole MAX-ACCESS read-only
set of addresses available for that external realm are STATUS current
already in use. DESCRIPTION
"The cumulative number of packets dropped because the
packet would have triggered the creation of a new
port map entry, but no port could be allocated for the
protocol concerned. The usual case for this will be
for a NAT instance that supports address pooling and
the 'paired' pooling behavior recommended by RFC 4787,
where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to
in the selected address pool in the external realm
concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
This value MUST be monotone increasing in the periods If the NAT instance supports address pooling but its
between updates of the entity's pooling behavior is 'arbitrary' (meaning that
natv2InstanceDiscontinuityTime. If a manager detects a the NAT instance can allocate a new port mapping for
change in the latter since the last time it sampled this the given internal endpoint on any address in the
counter, it SHOULD NOT make use of the difference between selected address pool and is not bound to what it has
the latest value of the counter and any value retrieved already mapped for that endpoint), then this counter
before the new value of natv2InstanceDiscontinuityTime." is incremented when all ports for the protocol concerned
REFERENCE over the whole of the selected address pool are already
"Pooling behavior: RFC 4787, end of section 4.1." in use.
::= { natv2InstanceEntry 16 }
natv2InstanceFragmentDrops OBJECT-TYPE Finally, if no address pools have been configured for the
SYNTAX Counter64 external realm concerned, then this counter is incremented
MAX-ACCESS read-only because all ports for the protocol involved over the whole
STATUS current set of addresses available for that external realm are
DESCRIPTION already in use.
"The cumulative number of fragments received by the NAT
instance but dropped rather than translated. When the NAT
instance supports the 'Receive Fragment Out of Order'
capability as required by RFC 4787, this occurs because the
fragment was received out of order and would be added to the
queue of fragments awaiting the initial fragment of the
chain, but the queue has already reached the limit set by
natv2InstanceLimitsPendingFragments. Counting in other cases
is specified in the description of
natv2InstanceFragmentBehavior.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
REFERENCE REFERENCE
"RFC 4787, section 11." "Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2InstanceEntry 17 } ::= { natv2InstanceEntry 16 }
natv2InstanceOtherResourceFailureDrops OBJECT-TYPE natv2InstanceFragmentDrops OBJECT-TYPE
SYNTAX Counter64 SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of packets dropped because of "The cumulative number of fragments received by the NAT
unavailability of a resource other than an address or port instance but dropped rather than translated. When the NAT
that would have been required to process it. The most likely instance supports the 'Receive Fragment Out of Order'
case is where the upper layer protocol in the packet is not capability as required by RFC 4787, this occurs because the
supported by the NAT instance. fragment was received out of order and would be added to the
queue of fragments awaiting the initial fragment of the
chain, but the queue has already reached the limit set by
natv2InstanceLimitsPendingFragments. Counting in other cases
is specified in the description of
natv2InstanceFragmentBehavior.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime." before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 18 } REFERENCE
"RFC 4787, section 11."
::= { natv2InstanceEntry 17 }
natv2InstanceDiscontinuityTime OBJECT-TYPE natv2InstanceOtherResourceFailureDrops OBJECT-TYPE
SYNTAX TimeStamp SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Snapshot of the value of the sysUpTime object at the "The cumulative number of packets dropped because of
beginning of the latest period of continuity of the unavailability of a resource other than an address or port
statistical counters associated with this NAT instance." that would have been required to process it. The most likely
::= { natv2InstanceEntry 19 } case is where the upper layer protocol in the packet is not
supported by the NAT instance.
-- Notification thresholds, disabled by setting to zero This value MUST be monotone increasing in the periods
between updates of the entity's
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2InstanceEntry 18 }
natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE natv2InstanceDiscontinuityTime OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX TimeStamp
MAX-ACCESS read-write MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notification threshold for total number of address map "Snapshot of the value of the sysUpTime object at the
entries held by this NAT instance. Whenever beginning of the latest period of continuity of the
natv2InstanceAddressMapEntries is updated, if it equals or statistical counters associated with this NAT instance."
exceeds natv2InstanceThresholdAddressMapEntriesHigh, then ::= { natv2InstanceEntry 19 }
natv2NotificationInstanceAddressMapEntriesHigh may be
triggered, unless the notification is disabled by setting
the threshold to 0. Reporting is subject to the minimum
inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstanceAddressMapEntries and discard the others."
DEFVAL
{ 0 }
::= { natv2InstanceEntry 20 }
natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE -- Notification thresholds, disabled by setting to zero
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Notification threshold for total number of port map
entries held by this NAT instance. Whenever
natv2InstancePortMapEntries is updated, if it equals or
exceeds natv2InstanceThresholdPortMapEntriesHigh, then
natv2NotificationInstancePortMapEntriesHigh may be
triggered, unless the notification is disabled by setting
the threshold to 0. Reporting is subject to the minimum
inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstancePortMapEntries and discard the others."
DEFVAL
{ 0 }
::= { natv2InstanceEntry 21 }
natv2InstanceNotificationInterval OBJECT-TYPE natv2InstanceThresholdAddressMapEntriesHigh OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX Integer32
UNITS MAX-ACCESS read-write
"Seconds" STATUS current
MAX-ACCESS read-write DESCRIPTION
STATUS current "Notification threshold for total number of address map
DESCRIPTION entries held by this NAT instance. Whenever
"Minimum number of seconds (default 10) between successive natv2InstanceAddressMapEntries is updated, if it equals or
notifications for this NAT instance. Controls the reporting exceeds natv2InstanceThresholdAddressMapEntriesHigh, then
of natv2NotificationInstanceAddressMapEntriesHigh and natv2NotificationInstanceAddressMapEntriesHigh may be
natv2NotificationInstancePortMapEntriesHigh." triggered, unless the notification is disabled by setting
DEFVAL the threshold to -1. Reporting is subject to the minimum
{ 10 } inter-notification interval given by
::= { natv2InstanceEntry 22 } natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstanceAddressMapEntries and discard the others."
DEFVAL
{ -1 }
::= { natv2InstanceEntry 20 }
-- Limits, disabled if set to 0 natv2InstanceThresholdPortMapEntriesHigh OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Notification threshold for total number of port map
entries held by this NAT instance. Whenever
natv2InstancePortMapEntries is updated, if it equals or
exceeds natv2InstanceThresholdPortMapEntriesHigh, then
natv2NotificationInstancePortMapEntriesHigh may be
triggered, unless the notification is disabled by setting
the threshold to -1. Reporting is subject to the minimum
inter-notification interval given by
natv2InstanceNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one containing the highest value of
natv2InstancePortMapEntries and discard the others."
DEFVAL
{ -1 }
::= { natv2InstanceEntry 21 }
natv2InstanceLimitAddressMapEntries OBJECT-TYPE natv2InstanceNotificationInterval OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32 (1..3600)
MAX-ACCESS read-write UNITS
STATUS current "Seconds"
DESCRIPTION MAX-ACCESS read-write
"Limit on total number of address map entries supported by STATUS current
the NAT instance. When natv2InstanceAddressMapEntries has DESCRIPTION
reached this limit, subsequent packets that would normally "Minimum number of seconds between successive
trigger creation of a new address map entry will be dropped notifications for this NAT instance. Controls the reporting
and counted in natv2InstanceAddressMapEntryLimitDrops. of natv2NotificationInstanceAddressMapEntriesHigh and
Warning of an approach to this limit can be achieved by natv2NotificationInstancePortMapEntriesHigh."
setting natv2InstanceThresholdAddressMapEntriesHigh to a DEFVAL
non-zero value, for example, 80% of the limit. The limit is { 10 }
disabled by setting its value to zero (default value). ::= { natv2InstanceEntry 22 }
For further information please see the descriptions of -- Limits, disabled if set to 0
natv2NotificationInstanceAddressMapEntriesHigh and
natv2InstanceAddressMapEntries."
DEFVAL
{ 0 }
::= { natv2InstanceEntry 23 }
natv2InstanceLimitPortMapEntries OBJECT-TYPE natv2InstanceLimitAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on total number of port map entries supported by the "Limit on total number of address map entries supported by
NAT instance. When natv2InstancePortMapEntries has reached the NAT instance. When natv2InstanceAddressMapEntries has
this limit, subsequent packets that would normally trigger reached this limit, subsequent packets that would normally
creation of a new port map entry will be dropped and counted trigger creation of a new address map entry will be dropped
in natv2InstancePortMapEntryLimitDrops. Warning of an and counted in natv2InstanceAddressMapEntryLimitDrops.
approach to this limit can be achieved by setting Warning of an approach to this limit can be achieved by
natv2InstanceThresholdPortMapEntriesHigh to a non-zero setting natv2InstanceThresholdAddressMapEntriesHigh to a
value, for example, 80% of the limit. The limit is disabled non-zero value, for example, 80% of the limit. The limit is
by setting its value to zero (default value). disabled by setting its value to zero.
For further information please see the descriptions of For further information please see the descriptions of
natv2NotificationInstancePortMapEntriesHigh and natv2NotificationInstanceAddressMapEntriesHigh and
natv2InstancePortMapEntries." natv2InstanceAddressMapEntries."
DEFVAL DEFVAL
{ 0 } { 0 }
::= { natv2InstanceEntry 24 } ::= { natv2InstanceEntry 23 }
natv2InstanceLimitPendingFragments OBJECT-TYPE natv2InstanceLimitPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on number of out-of-order fragments received by the "Limit on total number of port map entries supported by the
NAT instance from remote sources and held until head of NAT instance. When natv2InstancePortMapEntries has reached
chain appears. While the number of held fragments is at this this limit, subsequent packets that would normally trigger
limit, subsequent packets that contain fragments not creation of a new port map entry will be dropped and counted
relating to those already held will be dropped and counted in natv2InstancePortMapEntryLimitDrops. Warning of an
in natv2InstancePendingFragmentLimitDrops. The limit is approach to this limit can be achieved by setting
disabled by setting the value to zero (default value). natv2InstanceThresholdPortMapEntriesHigh to a non-zero
value, for example, 80% of the limit. The limit is disabled
by setting its value to zero.
Applicable only when the NAT instance supports 'Receive For further information please see the descriptions of
Fragments Out of Order' behavior, leave at default natv2NotificationInstancePortMapEntriesHigh and
otherwise. See the description of natv2InstancePortMapEntries."
natv2InstanceFragmentBehavior." DEFVAL
REFERENCE { 0 }
"RFC 4787 Section 11" ::= { natv2InstanceEntry 24 }
DEFVAL { 0 }
::= { natv2InstanceEntry 25 }
natv2InstanceLimitSubscriberActives OBJECT-TYPE natv2InstanceLimitPendingFragments OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Unsigned32
MAX-ACCESS read-write MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Limit on number of total number of active subscribers "Limit on number of out-of-order fragments received by the
supported by the NAT instance. An active subscriber is NAT instance from remote sources and held until head of
defined as any subscriber with at least one map entry, chain appears. While the number of held fragments is at this
including static mappings. While the number of active limit, subsequent packets that contain fragments not
subscribers is at this limit, subsequent packets that would relating to those already held will be dropped and counted
otherwise trigger first mappings for newly active in natv2InstancePendingFragmentLimitDrops. The limit is
subscribers will be dropped and counted in disabled by setting the value to zero.
natv2InstanceSubscriberActiveLimitDrops. The limit is
disabled by setting the value to zero (default value)."
DEFVAL { 0 }
::= { natv2InstanceEntry 26 }
-- Table of counters per upper layer protocol identified by the Applicable only when the NAT instance supports 'Receive
-- packet header and supported by the NAT instance Fragments Out of Order' behavior, leave at default
otherwise. See the description of
natv2InstanceFragmentBehavior."
REFERENCE
"RFC 4787 Section 11"
DEFVAL { 0 }
::= { natv2InstanceEntry 25 }
natv2ProtocolTable OBJECT-TYPE natv2InstanceLimitSubscriberActives OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2ProtocolEntry SYNTAX Unsigned32
MAX-ACCESS not-accessible MAX-ACCESS read-write
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Table of protocols with per-protocol counters. Conceptual "Limit on number of total number of active subscribers
rows of the table are indexed by the combination of the NAT supported by the NAT instance. An active subscriber is
instance number and the IANA-assigned upper layer protocol defined as any subscriber with at least one map entry,
number as given by the ProtocolNumber TC and contained in including static mappings. While the number of active
the packet IP header. It is up to the agent implementation subscribers is at this limit, subsequent packets that would
to determine and operate upon only those upper layer otherwise trigger first mappings for newly active
protocol numbers supported by the NAT instance." subscribers will be dropped and counted in
REFERENCE natv2InstanceSubscriberActiveLimitDrops. The limit is
"RFC yyyy Section 3.3.5." disabled by setting the value to zero."
::= { natv2MIBInstanceObjects 2 }
natv2ProtocolEntry OBJECT-TYPE DEFVAL { 0 }
SYNTAX Natv2ProtocolEntry ::= { natv2InstanceEntry 26 }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-protocol counters."
INDEX { natv2ProtocolInstanceIndex,
natv2ProtocolNumber }
::= { natv2ProtocolTable 1 }
Natv2ProtocolEntry ::= -- Table of counters per upper layer protocol identified by the
SEQUENCE { -- packet header and supported by the NAT instance
natv2ProtocolInstanceIndex Natv2InstanceIndex,
natv2ProtocolNumber ProtocolNumber,
-- State
natv2ProtocolPortMapEntries Unsigned32,
-- Statistics. Discontinuity object from instance table reused here.
natv2ProtocolTranslations Counter64,
natv2ProtocolPortMapCreations Counter64,
natv2ProtocolPortMapFailureDrops Counter64
}
natv2ProtocolInstanceIndex OBJECT-TYPE natv2ProtocolTable OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX SEQUENCE OF Natv2ProtocolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT instance index. It is up to the implementation to "Table of protocols with per-protocol counters. Conceptual
determine and operate upon only those values that rows of the table are indexed by the combination of the NAT
correspond to in-service NAT instances." instance number and the IANA-assigned upper layer protocol
::= { natv2ProtocolEntry 1 } number as given by the ProtocolNumber TC and contained in
the packet IP header. It is up to the agent implementation
to determine and operate upon only those upper layer
protocol numbers supported by the NAT instance."
REFERENCE
"RFC yyyy Section 3.3.5."
::= { natv2MIBInstanceObjects 2 }
natv2ProtocolNumber OBJECT-TYPE natv2ProtocolEntry OBJECT-TYPE
SYNTAX ProtocolNumber SYNTAX Natv2ProtocolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Counters in this conceptual row apply to packets indicating "Per-protocol counters."
the upper layer protocol identified by the value of INDEX { natv2ProtocolInstanceIndex,
this object. It is up to the implementation to determine and natv2ProtocolNumber }
operate upon only those values that correspond to protocols ::= { natv2ProtocolTable 1 }
supported by the NAT instance."
REFERENCE
"RFC yyyy Section 3.3.5.
IANA Protocol Numbers, http://www.iana.org/assignments/
protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1"
::= { natv2ProtocolEntry 2 }
-- State Natv2ProtocolEntry ::=
natv2ProtocolPortMapEntries OBJECT-TYPE SEQUENCE {
SYNTAX Unsigned32 natv2ProtocolInstanceIndex Natv2InstanceIndex,
MAX-ACCESS read-only natv2ProtocolNumber ProtocolNumber,
STATUS current -- State
DESCRIPTION natv2ProtocolPortMapEntries Unsigned32,
"The current number of entries in the port map table in total -- Statistics. Discontinuity object from instance table reused here.
over the whole NAT instance for a given protocol, including natv2ProtocolTranslations Counter64,
static mappings. A port map entry maps from a given external natv2ProtocolPortMapCreations Counter64,
realm, address, and port for a given protocol to an internal natv2ProtocolPortMapFailureDrops Counter64
realm, address, and port. This definition includes 'hairpin' }
mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per
subscriber, per instance, and per address pool within the
instance."
REFERENCE
"RFC yyyy Section 3.3.5 and Section 3.3.9. Hairpinning:
RFC 4787 Section 6."
::= { natv2ProtocolEntry 3 }
-- Statistics natv2ProtocolInstanceIndex OBJECT-TYPE
natv2ProtocolTranslations OBJECT-TYPE SYNTAX Natv2InstanceIndex
SYNTAX Counter64 MAX-ACCESS not-accessible
MAX-ACCESS read-only STATUS current
STATUS current DESCRIPTION
DESCRIPTION "NAT instance index. It is up to the implementation to
"The cumulative number of packets translated by the NAT determine and operate upon only those values that
instance in either direction for the given protocol. correspond to in-service NAT instances."
::= { natv2ProtocolEntry 1 }
This value MUST be monotone increasing in the periods natv2ProtocolNumber OBJECT-TYPE
between updates of the NAT instance SYNTAX ProtocolNumber
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS not-accessible
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "Counters in this conceptual row apply to packets indicating
before the new value of natv2InstanceDiscontinuityTime." the upper layer protocol identified by the value of
::= { natv2ProtocolEntry 4 } this object. It is up to the implementation to determine and
operate upon only those values that correspond to protocols
supported by the NAT instance."
REFERENCE
"RFC yyyy Section 3.3.5.
IANA Protocol Numbers, http://www.iana.org/assignments/
protocol-numbers/protocol-numbers.xhtml#protocol-numbers-1"
::= { natv2ProtocolEntry 2 }
natv2ProtocolPortMapCreations OBJECT-TYPE -- State
SYNTAX Counter64 natv2ProtocolPortMapEntries OBJECT-TYPE
MAX-ACCESS read-only SYNTAX Unsigned32
STATUS current MAX-ACCESS read-only
DESCRIPTION STATUS current
"The cumulative number of port map entries created by the NAT DESCRIPTION
instance for the given protocol. "The current number of entries in the port map table in total
over the whole NAT instance for a given protocol, including
static mappings. A port map entry maps from a given external
realm, address, and port for a given protocol to an internal
realm, address, and port. This definition includes 'hairpin'
mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per
subscriber, per instance, and per address pool within the
instance."
REFERENCE
"RFC yyyy Section 3.3.5 and Section 3.3.9. Hairpinning:
RFC 4787 Section 6."
::= { natv2ProtocolEntry 3 }
This value MUST be monotone increasing in the periods -- Statistics
between updates of the NAT instance natv2ProtocolTranslations OBJECT-TYPE
natv2InstanceDiscontinuityTime. If a manager detects a SYNTAX Counter64
change in the latter since the last time it sampled this MAX-ACCESS read-only
counter, it SHOULD NOT make use of the difference between STATUS current
the latest value of the counter and any value retrieved DESCRIPTION
before the new value of natv2InstanceDiscontinuityTime." "The cumulative number of packets translated by the NAT
::= { natv2ProtocolEntry 5 } instance in either direction for the given protocol.
natv2ProtocolPortMapFailureDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the NAT instance
MAX-ACCESS read-only natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped because the packet the latest value of the counter and any value retrieved
would have triggered the creation of a new port map entry, before the new value of natv2InstanceDiscontinuityTime."
but no port could be allocated for the protocol concerned. ::= { natv2ProtocolEntry 4 }
The usual case for this will be for a NAT instance that
supports address pooling and the 'paired' pooling behavior
recommended by RFC 4787, where the internal endpoint has
used up all of the ports allocated to it for the address it
was mapped to in the selected address pool in the external
realm concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance supports address pooling but its natv2ProtocolPortMapCreations OBJECT-TYPE
pooling behavior is 'arbitrary' (meaning that SYNTAX Counter64
the NAT instance can allocate a new port mapping for MAX-ACCESS read-only
the given internal endpoint on any address in the STATUS current
selected address pool and is not bound to what it has DESCRIPTION
already mapped for that endpoint), then this counter "The cumulative number of port map entries created by the NAT
is incremented when all ports for the protocol concerned instance for the given protocol.
over the whole of the selected address pool are already
in use.
Finally, if the NAT instance has no configured address This value MUST be monotone increasing in the periods
pooling, then this counter is incremented because all between updates of the NAT instance
ports for the protocol concerned over the whole of the natv2InstanceDiscontinuityTime. If a manager detects a
NAT instance for the external realm concerned are already change in the latter since the last time it sampled this
in use. counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2ProtocolEntry 5 }
This value MUST be monotone increasing in the periods natv2ProtocolPortMapFailureDrops OBJECT-TYPE
between updates of the NAT instance SYNTAX Counter64
natv2InstanceDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of packets dropped because the packet
before the new value of natv2InstanceDiscontinuityTime." would have triggered the creation of a new port map entry,
REFERENCE but no port could be allocated for the protocol concerned.
"RFC 4787, end of section 4.1." The usual case for this will be for a NAT instance that
::= { natv2ProtocolEntry 6 } supports address pooling and the 'paired' pooling behavior
recommended by RFC 4787, where the internal endpoint has
used up all of the ports allocated to it for the address it
was mapped to in the selected address pool in the external
realm concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
-- pools If the NAT instance supports address pooling but its
pooling behavior is 'arbitrary' (meaning that
the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the
selected address pool and is not bound to what it has
already mapped for that endpoint), then this counter
is incremented when all ports for the protocol concerned
over the whole of the selected address pool are already
in use.
natv2PoolTable OBJECT-TYPE Finally, if the NAT instance has no configured address
SYNTAX SEQUENCE OF Natv2PoolEntry pooling, then this counter is incremented because all
MAX-ACCESS not-accessible ports for the protocol concerned over the whole of the
STATUS current NAT instance for the external realm concerned are already
DESCRIPTION in use.
"Table of address pools, applicable only if these are
supported by the NAT instance. An address pool is a set of
addresses and ports in a particular realm, available for
assignment to the 'external' portion of a mapping. Where more
than one pool has been configured for the realm, policy
determines which subscribers and/or services are mapped to
which pool. natv2PoolTable provides basic information, state,
statistics, and two notification thresholds for each pool.
natv2PoolRangeTable is an expansion table for natv2PoolTable
that identifies particular address ranges allocated to the
pool."
REFERENCE
"RFC yyyy Section 3.3.6."
::= { natv2MIBInstanceObjects 3 }
natv2PoolEntry OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Natv2PoolEntry between updates of the NAT instance
MAX-ACCESS not-accessible natv2InstanceDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"Entry in the table of address pools." the latest value of the counter and any value retrieved
INDEX { natv2PoolInstanceIndex, natv2PoolIndex } before the new value of natv2InstanceDiscontinuityTime."
::= { natv2PoolTable 1 } REFERENCE
"RFC 4787, end of section 4.1."
::= { natv2ProtocolEntry 6 }
Natv2PoolEntry ::= -- pools
SEQUENCE {
-- Index
natv2PoolInstanceIndex Natv2InstanceIndex,
natv2PoolIndex Natv2PoolIndex,
-- Configuration
natv2PoolRealm SnmpAdminString,
natv2PoolAddressType InetAddressType,
natv2PoolMinimumPort InetPortNumber,
natv2PoolMaximumPort InetPortNumber,
-- State
natv2PoolAddressMapEntries Unsigned32,
natv2PoolPortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2PoolAddressMapCreations Counter64,
natv2PoolPortMapCreations Counter64,
natv2PoolAddressMapFailureDrops Counter64,
natv2PoolPortMapFailureDrops Counter64,
natv2PoolDiscontinuityTime TimeStamp,
-- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow Integer32,
natv2PoolThresholdUsageHigh Unsigned32,
natv2PoolNotifiedPortMapEntries Unsigned32,
natv2PoolNotifiedPortMapProtocol ProtocolNumber,
natv2PoolNotificationInterval Unsigned32
}
natv2PoolInstanceIndex OBJECT-TYPE natv2PoolTable OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX SEQUENCE OF Natv2PoolEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"NAT instance index. It is up to the agent implementation "Table of address pools, applicable only if these are
to determine and operate upon only those values that supported by the NAT instance. An address pool is a set of
correspond to in-service NAT instances." addresses and ports in a particular realm, available for
::= { natv2PoolEntry 1 } assignment to the 'external' portion of a mapping. Where more
than one pool has been configured for the realm, policy
determines which subscribers and/or services are mapped to
which pool. natv2PoolTable provides basic information, state,
statistics, and two notification thresholds for each pool.
natv2PoolRangeTable is an expansion table for natv2PoolTable
that identifies particular address ranges allocated to the
pool."
REFERENCE
"RFC yyyy Section 3.3.6."
natv2PoolIndex OBJECT-TYPE ::= { natv2MIBInstanceObjects 3 }
SYNTAX Natv2PoolIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of an address pool, unique for a given NAT instance.
It is up to the agent implementation to determine and
operate upon only those values that correspond to
provisioned pools."
::= { natv2PoolEntry 2 }
-- configuration natv2PoolEntry OBJECT-TYPE
natv2PoolRealm OBJECT-TYPE SYNTAX Natv2PoolEntry
SYNTAX SnmpAdminString (SIZE (0..32)) MAX-ACCESS not-accessible
MAX-ACCESS read-only STATUS current
STATUS current DESCRIPTION
DESCRIPTION "Entry in the table of address pools."
"Address realm to which this pool's addresses belong." INDEX { natv2PoolInstanceIndex, natv2PoolIndex }
REFERENCE ::= { natv2PoolTable 1 }
"Address realms are discussed in Section 3.3.3 of
RFC yyyy. Primary reference is RFC 2663 Section 2.1."
::= { natv2PoolEntry 3 }
natv2PoolAddressType OBJECT-TYPE Natv2PoolEntry ::=
SYNTAX InetAddressType SEQUENCE {
MAX-ACCESS read-create -- Index
STATUS current natv2PoolInstanceIndex Natv2InstanceIndex,
DESCRIPTION natv2PoolIndex Natv2PoolIndex,
"Address type supplied by this address pool. This will be the -- Configuration
same for all pools in a given realm (by definition of an natv2PoolRealm SnmpAdminString,
address realm). Values other than ipv4(1) or ipv6(2) would natv2PoolAddressType InetAddressType,
be unexpected." natv2PoolMinimumPort InetPortNumber,
REFERENCE natv2PoolMaximumPort InetPortNumber,
"InetAddressType in RFC 4001." -- State
::= { natv2PoolEntry 4 } natv2PoolAddressMapEntries Unsigned32,
natv2PoolPortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2PoolAddressMapCreations Counter64,
natv2PoolPortMapCreations Counter64,
natv2PoolAddressMapFailureDrops Counter64,
natv2PoolPortMapFailureDrops Counter64,
natv2PoolDiscontinuityTime TimeStamp,
-- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow Integer32,
natv2PoolThresholdUsageHigh Integer32,
natv2PoolNotifiedPortMapEntries Unsigned32,
natv2PoolNotifiedPortMapProtocol ProtocolNumber,
natv2PoolNotificationInterval Unsigned32
}
natv2PoolMinimumPort OBJECT-TYPE natv2PoolInstanceIndex OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX Natv2InstanceIndex
MAX-ACCESS read-create MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Minimum port number of the range that can be allocated in "NAT instance index. It is up to the agent implementation
this pool. Applies to all protocols supported by the NAT to determine and operate upon only those values that
instance." correspond to in-service NAT instances."
::= { natv2PoolEntry 1 }
REFERENCE natv2PoolIndex OBJECT-TYPE
"InetPortNumber in RFC 4001." SYNTAX Natv2PoolIndex
::= { natv2PoolEntry 5 } MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of an address pool, unique for a given NAT instance.
It is up to the agent implementation to determine and
operate upon only those values that correspond to
provisioned pools."
::= { natv2PoolEntry 2 }
natv2PoolMaximumPort OBJECT-TYPE -- configuration
SYNTAX InetPortNumber natv2PoolRealm OBJECT-TYPE
MAX-ACCESS read-create SYNTAX SnmpAdminString (SIZE (0..32))
STATUS current MAX-ACCESS read-only
DESCRIPTION STATUS current
"Maximum port number of the range that can be allocated in DESCRIPTION
this pool. Applies to all protocols supported by the NAT "Address realm to which this pool's addresses belong."
instance." REFERENCE
REFERENCE "Address realms are discussed in Section 3.3.3 of
"InetPortNumber in RFC 4001." RFC yyyy. Primary reference is RFC 2663 Section 2.1."
::= { natv2PoolEntry 6 } ::= { natv2PoolEntry 3 }
-- State natv2PoolAddressType OBJECT-TYPE
natv2PoolAddressMapEntries OBJECT-TYPE SYNTAX InetAddressType
SYNTAX Unsigned32 MAX-ACCESS read-create
MAX-ACCESS read-only STATUS current
STATUS current DESCRIPTION
DESCRIPTION "Address type supplied by this address pool. This will be the
"The current number of address map entries using external same for all pools in a given realm (by definition of an
addresses drawn from this pool, including static mappings. address realm). Values other than ipv4(1) or ipv6(2) would
This definition includes 'hairpin' mappings, where the be unexpected."
external realm is the same as the internal one. Address map REFERENCE
entries are also tracked per subscriber and per instance." "InetAddressType in RFC 4001."
REFERENCE ::= { natv2PoolEntry 4 }
"RFC yyyy Section 3.3.8. Hairpinning: RFC 4787 section 6."
::= { natv2PoolEntry 7 }
natv2PoolPortMapEntries OBJECT-TYPE natv2PoolMinimumPort OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-create
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The current number of entries in the port map table using "Minimum port number of the range that can be allocated in
external addresses and ports drawn from this pool, including this pool. Applies to all protocols supported by the NAT
static mappings. This definition includes 'hairpin' instance."
mappings, where the external realm is the same as the REFERENCE
internal one. Port map entries are also tracked per "InetPortNumber in RFC 4001."
subscriber, per instance, and per protocol within the ::= { natv2PoolEntry 5 }
instance."
REFERENCE
"RFC yyyy Section 3.3.9. Hairpinning: RFC 4787 Section 6."
::= { natv2PoolEntry 8 }
-- Statistics and discontinuity time natv2PoolMaximumPort OBJECT-TYPE
natv2PoolAddressMapCreations OBJECT-TYPE SYNTAX InetPortNumber
SYNTAX Counter64 MAX-ACCESS read-create
MAX-ACCESS read-only STATUS current
STATUS current DESCRIPTION
DESCRIPTION "Maximum port number of the range that can be allocated in
"The cumulative number of address map entries created in this this pool. Applies to all protocols supported by the NAT
pool, including static mappings. Address map entries are instance."
also tracked per instance and per subscriber. REFERENCE
"InetPortNumber in RFC 4001."
::= { natv2PoolEntry 6 }
This value MUST be monotone increasing in -- State
the periods between updates of the entity's natv2PoolAddressMapEntries OBJECT-TYPE
natv2PoolDiscontinuityTime. If a manager detects a SYNTAX Unsigned32
change in the latter since the last time it sampled this MAX-ACCESS read-only
counter, it SHOULD NOT make use of the difference between STATUS current
the latest value of the counter and any value retrieved DESCRIPTION
before the new value of natv2PoolDiscontinuityTime." "The current number of address map entries using external
::= { natv2PoolEntry 9 } addresses drawn from this pool, including static mappings.
This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Address map
entries are also tracked per subscriber and per instance."
REFERENCE
"RFC yyyy Section 3.3.8. Hairpinning: RFC 4787 section 6."
::= { natv2PoolEntry 7 }
natv2PoolPortMapCreations OBJECT-TYPE natv2PoolPortMapEntries OBJECT-TYPE
SYNTAX Counter64 SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The cumulative number of port map entries created in this "The current number of entries in the port map table using
pool, including static mappings. Port map entries are also external addresses and ports drawn from this pool, including
tracked per instance, per protocol, and per subscriber. static mappings. This definition includes 'hairpin'
mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per
subscriber, per instance, and per protocol within the
instance."
REFERENCE
"RFC yyyy Section 3.3.9. Hairpinning: RFC 4787 Section 6."
::= { natv2PoolEntry 8 }
This value MUST be monotone increasing in the periods -- Statistics and discontinuity time
between updates of the entity's natv2PoolAddressMapCreations OBJECT-TYPE
natv2PoolDiscontinuityTime. If a manager detects a SYNTAX Counter64
change in the latter since the last time it sampled this MAX-ACCESS read-only
counter, it SHOULD NOT make use of the difference between STATUS current
the latest value of the counter and any value retrieved DESCRIPTION
before the new value of natv2PoolDiscontinuityTime." "The cumulative number of address map entries created in this
::= { natv2PoolEntry 10 } pool, including static mappings. Address map entries are
also tracked per instance and per subscriber.
natv2PoolAddressMapFailureDrops OBJECT-TYPE This value MUST be monotone increasing in
SYNTAX Counter64 the periods between updates of the entity's
MAX-ACCESS read-only natv2PoolDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets originated by the the latest value of the counter and any value retrieved
subscriber that were dropped because the packet would have before the new value of natv2PoolDiscontinuityTime."
triggered the creation of a new address map entry, but no ::= { natv2PoolEntry 9 }
address could be allocated from this address pool because
all addresses in the pool have already been fully allocated.
Counters of this event are also provided per instance, per
protocol and per subscriber.
This value MUST be monotone increasing in the periods natv2PoolPortMapCreations OBJECT-TYPE
between updates of the entity's SYNTAX Counter64
natv2PoolDiscontinuityTime. If a manager detects a MAX-ACCESS read-only
change in the latter since the last time it sampled this STATUS current
counter, it SHOULD NOT make use of the difference between DESCRIPTION
the latest value of the counter and any value retrieved "The cumulative number of port map entries created in this
before the new value of natv2PoolDiscontinuityTime." pool, including static mappings. Port map entries are also
::= { natv2PoolEntry 11 } tracked per instance, per protocol, and per subscriber.
natv2PoolPortMapFailureDrops OBJECT-TYPE This value MUST be monotone increasing in the periods
SYNTAX Counter64 between updates of the entity's
MAX-ACCESS read-only natv2PoolDiscontinuityTime. If a manager detects a
STATUS current change in the latter since the last time it sampled this
DESCRIPTION counter, it SHOULD NOT make use of the difference between
"The cumulative number of packets dropped because the packet the latest value of the counter and any value retrieved
would have triggered the creation of a new port map entry, before the new value of natv2PoolDiscontinuityTime."
but no port could be allocated for the protocol concerned. ::= { natv2PoolEntry 10 }
The usual case for this will be for a NAT instance that
supports the 'paired' pooling behavior recommended by RFC
4787, where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to in
this pool and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance pooling behavior is 'arbitrary' (meaning natv2PoolAddressMapFailureDrops OBJECT-TYPE
that the NAT instance can allocate a new port mapping for SYNTAX Counter64
the given internal endpoint on any address in the selected MAX-ACCESS read-only
address pool and is not bound to what it has already mapped STATUS current
for that endpoint), then this counter is incremented when DESCRIPTION
all ports for the protocol concerned over the whole of this "The cumulative number of packets originated by the
address pool are already in use. subscriber that were dropped because the packet would have
triggered the creation of a new address map entry, but no
address could be allocated from this address pool because
all addresses in the pool have already been fully allocated.
Counters of this event are also provided per instance, per
protocol and per subscriber.
This value MUST be monotone increasing in the periods This value MUST be monotone increasing in the periods
between updates of the entity's between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime." before the new value of natv2PoolDiscontinuityTime."
REFERENCE ::= { natv2PoolEntry 11 }
"Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2PoolEntry 12 }
natv2PoolDiscontinuityTime OBJECT-TYPE natv2PoolPortMapFailureDrops OBJECT-TYPE
SYNTAX TimeStamp SYNTAX Counter64
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Snapshot of the value of the sysUpTime object at the "The cumulative number of packets dropped because the packet
beginning of the latest period of continuity of the would have triggered the creation of a new port map entry,
statistical counters associated with this address but no port could be allocated for the protocol concerned.
pool. This MUST be initialized when the address pool The usual case for this will be for a NAT instance that
is configured and MUST be updated whenever the port supports the 'paired' pooling behavior recommended by RFC
or address ranges allocated to the pool change." 4787, where the internal endpoint has used up all of the
::= { natv2PoolEntry 14 } ports allocated to it for the address it was mapped to in
this pool and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
-- Notification thresholds and objects returned by notifications If the NAT instance pooling behavior is 'arbitrary' (meaning
natv2PoolThresholdUsageLow OBJECT-TYPE that the NAT instance can allocate a new port mapping for
SYNTAX Integer32 (-1|0..100) the given internal endpoint on any address in the selected
UNITS "Percent" address pool and is not bound to what it has already mapped
MAX-ACCESS read-write for that endpoint), then this counter is incremented when
STATUS current all ports for the protocol concerned over the whole of this
DESCRIPTION address pool are already in use.
"Threshold for reporting low utilization of the address pool.
Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is less
than or equal to natv2PoolThresholdUsageLow, an instance of
natv2NotificationPoolUsageLow may be triggered, unless
disabled by setting it to -1. Note the difference from the
disabling setting for other notifications. Reporting is
subject to the per-pool notification interval given by
natv2PoolNotificationInterval. If multiple notifications are
triggered during one interval, the agent MUST report only
the one with the lowest value of
natv2PoolNotifiedPortMapEntries and discard the others.
Implementation note: the percentage specified by this object This value MUST be monotone increasing in the periods
can be converted to a number of port map entries at between updates of the entity's
configuration time (after port and address ranges have been natv2PoolDiscontinuityTime. If a manager detects a
configured or reconfigured) and compared to the current change in the latter since the last time it sampled this
value of natv2PoolNotifiedPortMapEntries." counter, it SHOULD NOT make use of the difference between
REFERENCE the latest value of the counter and any value retrieved
"RFC yyyy Section 3.1.2 and Section 3.3.6." before the new value of natv2PoolDiscontinuityTime."
DEFVAL { -1 } REFERENCE
::= { natv2PoolEntry 15 } "Pooling behavior: RFC 4787, end of section 4.1."
::= { natv2PoolEntry 12 }
natv2PoolThresholdUsageHigh OBJECT-TYPE natv2PoolDiscontinuityTime OBJECT-TYPE
SYNTAX Unsigned32 (0..100) SYNTAX TimeStamp
UNITS "Percent" MAX-ACCESS read-only
MAX-ACCESS read-write STATUS current
STATUS current DESCRIPTION
DESCRIPTION "Snapshot of the value of the sysUpTime object at the
"Threshold for reporting high utilization of the address beginning of the latest period of continuity of the
pool. Utilization at a given instant is calculated as the statistical counters associated with this address
percentage of ports allocated in port map entries for the pool. This MUST be initialized when the address pool
most-used protocol at that instant. If utilization is is configured and MUST be updated whenever the port
greater than or equal to natv2PoolThresholdUsageHigh, an or address ranges allocated to the pool change."
instance of natv2NotificationPoolUsageHigh may be triggered, ::= { natv2PoolEntry 13 }
unless disabled by setting it to 0.
Reporting is subject to the per-pool notification interval -- Notification thresholds and objects returned by notifications
given by natv2PoolNotificationInterval. If multiple natv2PoolThresholdUsageLow OBJECT-TYPE
notifications are triggered during one interval, the agent SYNTAX Integer32 (-1|0..100)
MUST report only the one with the highest value of UNITS "Percent"
natv2PoolNotifiedPortMapEntries and discard the others. In MAX-ACCESS read-write
the rare case where both upper and lower thresholds STATUS current
are crossed in the same interval, the agent MUST report only DESCRIPTION
the upper threshold notification. "Threshold for reporting low utilization of the address pool.
Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is less
than or equal to natv2PoolThresholdUsageLow, an instance of
natv2NotificationPoolUsageLow may be triggered, unless
disabled by setting it to -1. Note the difference from the
disabling setting for other notifications. Reporting is
subject to the per-pool notification interval given by
natv2PoolNotificationInterval. If multiple notifications are
triggered during one interval, the agent MUST report only
the one with the lowest value of
natv2PoolNotifiedPortMapEntries and discard the others.
Implementation note: the percentage specified by this object Implementation note: the percentage specified by this object
can be converted to a number of port map entries at can be converted to a number of port map entries at
configuration time (after port and address ranges have been configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries." value of natv2PoolNotifiedPortMapEntries."
DEFVAL { 0 } REFERENCE
::= { natv2PoolEntry 16 } "RFC yyyy Section 3.1.2 and Section 3.3.6."
DEFVAL { -1 }
::= { natv2PoolEntry 14 }
natv2PoolNotifiedPortMapEntries OBJECT-TYPE natv2PoolThresholdUsageHigh OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Integer32 (-1|0..100)
MAX-ACCESS accessible-for-notify UNITS "Percent"
STATUS current MAX-ACCESS read-write
DESCRIPTION STATUS current
"Number of port map entries using addresses and ports from DESCRIPTION
this address pool for the most-used protocol at a given "Threshold for reporting high utilization of the address
instant. One of the objects returned by pool. Utilization at a given instant is calculated as the
natv2NotificationPoolUsageLow and percentage of ports allocated in port map entries for the
natv2NotificationPoolUsageHigh." most-used protocol at that instant. If utilization is
::= { natv2PoolEntry 17 } greater than or equal to natv2PoolThresholdUsageHigh, an
instance of natv2NotificationPoolUsageHigh may be triggered,
unless disabled by setting it to -1.
natv2PoolNotifiedPortMapProtocol OBJECT-TYPE Reporting is subject to the per-pool notification interval
SYNTAX ProtocolNumber given by natv2PoolNotificationInterval. If multiple
MAX-ACCESS accessible-for-notify notifications are triggered during one interval, the agent
STATUS current MUST report only the one with the highest value of
DESCRIPTION natv2PoolNotifiedPortMapEntries and discard the others. In
"The most-used protocol (i.e., with the largest number of the rare case where both upper and lower thresholds
port map entries) mapped into this address pool at a given are crossed in the same interval, the agent MUST report only
instant. One of the objects returned by the upper threshold notification.
natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 18 } Implementation note: the percentage specified by this object
can be converted to a number of port map entries at
configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries."
DEFVAL { -1 }
::= { natv2PoolEntry 15 }
natv2PoolNotificationInterval OBJECT-TYPE natv2PoolNotifiedPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32 (1..3600) SYNTAX Unsigned32
UNITS MAX-ACCESS accessible-for-notify
"Seconds" STATUS current
MAX-ACCESS read-write DESCRIPTION
STATUS current "Number of port map entries using addresses and ports from
DESCRIPTION this address pool for the most-used protocol at a given
"Minimum number of seconds (default 20) between successive instant. One of the objects returned by
notifications for this address pool. Controls the generation natv2NotificationPoolUsageLow and
of natv2NotificationPoolUsageLow and natv2NotificationPoolUsageHigh."
natv2NotificationPoolUsageHigh." ::= { natv2PoolEntry 16 }
DEFVAL
{ 20 }
::= { natv2PoolEntry 19 }
natv2PoolRangeTable OBJECT-TYPE natv2PoolNotifiedPortMapProtocol OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PoolRangeEntry SYNTAX ProtocolNumber
MAX-ACCESS not-accessible MAX-ACCESS accessible-for-notify
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"This table contains address ranges used by pool entries. "The most-used protocol (i.e., with the largest number of
It is an expansion of natv2PoolTable." port map entries) mapped into this address pool at a given
REFERENCE instant. One of the objects returned by
"RFC yyyy <xref target='poolRangeTable'/>." natv2NotificationPoolUsageLow and
::= { natv2MIBInstanceObjects 4 } natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 17 }
natv2PoolRangeEntry OBJECT-TYPE natv2PoolNotificationInterval OBJECT-TYPE
SYNTAX Natv2PoolRangeEntry SYNTAX Unsigned32 (1..3600)
MAX-ACCESS not-accessible UNITS
STATUS current "Seconds"
DESCRIPTION MAX-ACCESS read-write
"NAT pool address range." STATUS current
INDEX { DESCRIPTION
natv2PoolRangeInstanceIndex, "Minimum number of seconds between successive
natv2PoolRangePoolIndex, notifications for this address pool. Controls the generation
natv2PoolRangeRowIndex of natv2NotificationPoolUsageLow and
} natv2NotificationPoolUsageHigh."
::= { natv2PoolRangeTable 1 } DEFVAL
{ 20 }
::= { natv2PoolEntry 18 }
Natv2PoolRangeEntry ::= natv2PoolRangeTable OBJECT-TYPE
SEQUENCE { SYNTAX SEQUENCE OF Natv2PoolRangeEntry
natv2PoolRangeInstanceIndex Natv2InstanceIndex, MAX-ACCESS not-accessible
natv2PoolRangePoolIndex Natv2PoolIndex, STATUS current
natv2PoolRangeRowIndex Unsigned32, DESCRIPTION
natv2PoolRangeBegin InetAddress, "This table contains address ranges used by pool entries.
natv2PoolRangeEnd InetAddress It is an expansion of natv2PoolTable."
} REFERENCE
"RFC yyyy <xref target='poolRangeTable'/>."
::= { natv2MIBInstanceObjects 4 }
natv2PoolRangeInstanceIndex OBJECT-TYPE natv2PoolRangeEntry OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2PoolRangeEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the NAT instance on which the address pool and this "NAT pool address range."
address range are configured. See Natv2InstanceIndex." INDEX {
::= { natv2PoolRangeEntry 1 } natv2PoolRangeInstanceIndex,
natv2PoolRangePoolIndex,
natv2PoolRangeRowIndex
}
::= { natv2PoolRangeTable 1 }
natv2PoolRangePoolIndex OBJECT-TYPE Natv2PoolRangeEntry ::=
SYNTAX Natv2PoolIndex SEQUENCE {
MAX-ACCESS not-accessible natv2PoolRangeInstanceIndex Natv2InstanceIndex,
STATUS current natv2PoolRangePoolIndex Natv2PoolIndex,
DESCRIPTION natv2PoolRangeRowIndex Unsigned32,
"Index of the address pool to which this address range natv2PoolRangeBegin InetAddress,
belongs. See Natv2PoolIndex." natv2PoolRangeEnd InetAddress
::= { natv2PoolRangeEntry 2 } }
natv2PoolRangeRowIndex OBJECT-TYPE natv2PoolRangeInstanceIndex OBJECT-TYPE
SYNTAX Unsigned32 SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Row index for successive range entries for the same "Index of the NAT instance on which the address pool and this
address pool." address range are configured. See Natv2InstanceIndex."
::= { natv2PoolRangeEntry 3 } ::= { natv2PoolRangeEntry 1 }
natv2PoolRangeBegin OBJECT-TYPE natv2PoolRangePoolIndex OBJECT-TYPE
SYNTAX InetAddress SYNTAX Natv2PoolIndex
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Lowest address included in this range. The type of address "Index of the address pool to which this address range
(IPv4 or IPv6) is given by natv2PoolAddressType belongs. See Natv2PoolIndex."
in natv2PoolTable." ::= { natv2PoolRangeEntry 2 }
::= { natv2PoolRangeEntry 4 }
natv2PoolRangeEnd OBJECT-TYPE natv2PoolRangeRowIndex OBJECT-TYPE
SYNTAX InetAddress SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Highest address included in this range. The type of address "Row index for successive range entries for the same
(IPv4 or IPv6) is given by natv2PoolAddressType address pool."
in natv2PoolTable." ::= { natv2PoolRangeEntry 3 }
::= { natv2PoolRangeEntry 5 } natv2PoolRangeBegin OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Lowest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable."
::= { natv2PoolRangeEntry 4 }
-- indexed mapping tables natv2PoolRangeEnd OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Highest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable."
::= { natv2PoolRangeEntry 5 }
-- Address Map Table. Mapped from internal to external address. -- indexed mapping tables
natv2AddressMapTable OBJECT-TYPE -- Address Map Table. Mapped from internal to external address.
SYNTAX SEQUENCE OF Natv2AddressMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of mappings from internal to external address. By
definition, this is a snapshot of NAT instance state at a
given moment. Indexed by NAT instance, internal realm, and
internal address in that realm. Provides the mapped external
address and, depending on implementation support, identifies
the address pool from which the external address and port
were taken and the index of the subscriber to which the
mapping has been allocated.
In the case of DS-Lite [RFC 6333], the indexing realm and natv2AddressMapTable OBJECT-TYPE
address are those of the IPv6 encapsulation rather than the SYNTAX SEQUENCE OF Natv2AddressMapEntry
IPv4 inner packet." MAX-ACCESS not-accessible
REFERENCE STATUS current
"RFC yyyy Section 3.3.8. DS-Lite: RFC 6333" DESCRIPTION
::= { natv2MIBInstanceObjects 5 } "Table of mappings from internal to external address. By
definition, this is a snapshot of NAT instance state at a
given moment. Indexed by NAT instance, internal realm, and
internal address in that realm. Provides the mapped external
address and, depending on implementation support, identifies
the address pool from which the external address and port
were taken and the index of the subscriber to which the
mapping has been allocated.
natv2AddressMapEntry OBJECT-TYPE In the case of DS-Lite [RFC 6333], the indexing realm and
SYNTAX Natv2AddressMapEntry address are those of the IPv6 encapsulation rather than the
MAX-ACCESS not-accessible IPv4 inner packet."
STATUS current REFERENCE
DESCRIPTION "RFC yyyy Section 3.3.8. DS-Lite: RFC 6333"
"Mapping from internal to external address." ::= { natv2MIBInstanceObjects 5 }
INDEX { natv2AddressMapInstanceIndex,
natv2AddressMapInternalRealm,
natv2AddressMapInternalAddressType,
natv2AddressMapInternalAddress,
natv2AddressMapRowIndex }
::= { natv2AddressMapTable 1 }
Natv2AddressMapEntry ::= natv2AddressMapEntry OBJECT-TYPE
SEQUENCE { SYNTAX Natv2AddressMapEntry
natv2AddressMapInstanceIndex Natv2InstanceIndex, MAX-ACCESS not-accessible
natv2AddressMapInternalRealm SnmpAdminString, STATUS current
natv2AddressMapInternalAddressType InetAddressType, DESCRIPTION
natv2AddressMapInternalAddress InetAddress, "Mapping from internal to external address."
natv2AddressMapRowIndex Unsigned32, INDEX { natv2AddressMapInstanceIndex,
natv2AddressMapInternalMappedAddressType InetAddressType, natv2AddressMapInternalRealm,
natv2AddressMapInternalMappedAddress InetAddress, natv2AddressMapInternalAddressType,
natv2AddressMapExternalRealm SnmpAdminString, natv2AddressMapInternalAddress,
natv2AddressMapExternalAddressType InetAddressType, natv2AddressMapRowIndex }
natv2AddressMapExternalAddress InetAddress, ::= { natv2AddressMapTable 1 }
natv2AddressMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2AddressMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2AddressMapInstanceIndex OBJECT-TYPE Natv2AddressMapEntry ::=
SYNTAX Natv2InstanceIndex SEQUENCE {
MAX-ACCESS not-accessible natv2AddressMapInstanceIndex Natv2InstanceIndex,
STATUS current natv2AddressMapInternalRealm SnmpAdminString,
DESCRIPTION natv2AddressMapInternalAddressType InetAddressType,
"Index of the NAT instance that generated this address map." natv2AddressMapInternalAddress InetAddress,
::= { natv2AddressMapEntry 1 } natv2AddressMapRowIndex Unsigned32,
natv2AddressMapInternalMappedAddressType InetAddressType,
natv2AddressMapInternalMappedAddress InetAddress,
natv2AddressMapExternalRealm SnmpAdminString,
natv2AddressMapExternalAddressType InetAddressType,
natv2AddressMapExternalAddress InetAddress,
natv2AddressMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2AddressMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2AddressMapInternalRealm OBJECT-TYPE natv2AddressMapInstanceIndex OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Realm to which the internal address belongs. In most cases "Index of the NAT instance that generated this address map."
this is the realm defining the address space of the packet ::= { natv2AddressMapEntry 1 }
being translated. However, in the case of DS-Lite [RFC
6333], this realm defines the IPv6 outer header address
space. It is the combination of that outer header and
the inner IPv4 packet header that is remapped to the
external address and realm. The corresponding IPv4 realm is
restricted in scope to the tunnel, so there is no point in
identifying it. The mapped IPv4 address will normally be the
well-known value 192.0.0.2, or at least lie in the reserved
192.0.0.0/29 range.
If natv2AddressMapSubscriberIndex in this table is a valid natv2AddressMapInternalRealm OBJECT-TYPE
subscriber index (i.e., greater than zero), then the value SYNTAX SnmpAdminString (SIZE(0..32))
of natv2AddressMapInternalRealm MUST be identical to the MAX-ACCESS not-accessible
value of natv2SubscriberRealm associated with that index." STATUS current
REFERENCE DESCRIPTION
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "Realm to which the internal address belongs. In most cases
Section 6.6 on the need to have the IPv6 tunnel address in this is the realm defining the address space of the packet
the NAT mapping tables." being translated. However, in the case of DS-Lite [RFC
::= { natv2AddressMapEntry 2 } 6333], this realm defines the IPv6 outer header address
space. It is the combination of that outer header and
the inner IPv4 packet header that is remapped to the
external address and realm. The corresponding IPv4 realm is
restricted in scope to the tunnel, so there is no point in
identifying it. The mapped IPv4 address will normally be the
well-known value 192.0.0.2, or at least lie in the reserved
192.0.0.0/29 range.
natv2AddressMapInternalAddressType OBJECT-TYPE If natv2AddressMapSubscriberIndex in this table is a valid
SYNTAX InetAddressType subscriber index (i.e., greater than zero), then the value
MAX-ACCESS not-accessible of natv2AddressMapInternalRealm MUST be identical to the
STATUS current value of natv2SubscriberRealm associated with that index."
DESCRIPTION REFERENCE
"Address type in the header of packets on the "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
interior side of this mapping. Any value other than ipv4(1) Section 6.6 on the need to have the IPv6 tunnel address in
or ipv6(2) would be unexpected. the NAT mapping tables."
::= { natv2AddressMapEntry 2 }
In the DS-Lite case, the address type is ipv6(2)." natv2AddressMapInternalAddressType OBJECT-TYPE
REFERENCE SYNTAX InetAddressType
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and MAX-ACCESS not-accessible
Section 6.6 on the need to have the IPv6 tunnel source STATUS current
address in the NAT mapping tables." DESCRIPTION
::= { natv2AddressMapEntry 3 } "Address type in the header of packets on the
interior side of this mapping. Any value other than ipv4(1)
or ipv6(2) would be unexpected.
natv2AddressMapInternalAddress OBJECT-TYPE In the DS-Lite case, the address type is ipv6(2)."
SYNTAX InetAddress (SIZE (0..16)) REFERENCE
MAX-ACCESS not-accessible "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
STATUS current Section 6.6 on the need to have the IPv6 tunnel source
DESCRIPTION address in the NAT mapping tables."
"Source address of packets originating from the interior ::= { natv2AddressMapEntry 3 }
of the association provided by this mapping.
In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel natv2AddressMapInternalAddress OBJECT-TYPE
source address. The mapping in this case is considered to SYNTAX InetAddress (SIZE (0..16))
be from the combination of the IPv6 tunnel source address MAX-ACCESS not-accessible
natv2AddressMapInternalRealmAddress and the well-known IPv4 STATUS current
inner source address natv2AddressMapInternalMappedAddress to DESCRIPTION
the external address." "Source address of packets originating from the interior
REFERENCE of the association provided by this mapping.
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2AddressMapEntry 4 }
natv2AddressMapRowIndex OBJECT-TYPE In the case of DS-Lite [RFC 6333], this is the IPv6 tunnel
SYNTAX Unsigned32 source address. The mapping in this case is considered to
MAX-ACCESS not-accessible be from the combination of the IPv6 tunnel source address
STATUS current natv2AddressMapInternalRealmAddress and the well-known IPv4
DESCRIPTION inner source address natv2AddressMapInternalMappedAddress to
"Index of a conceptual row corresponding to a mapping of the the external address."
given internal realm and address to a single external realm REFERENCE
and address. Multiple rows will be present because of a "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
promiscuous external address selection policy, policies Section 6.6 on the need to have the IPv6 tunnel address in
associating the same internal address with different address the NAT mapping tables."
pools, or because the same internal realm-address ::= { natv2AddressMapEntry 4 }
combination is communicating with multiple external address
realms."
::= { natv2AddressMapEntry 5 }
natv2AddressMapInternalMappedAddressType OBJECT-TYPE natv2AddressMapRowIndex OBJECT-TYPE
SYNTAX InetAddressType SYNTAX Unsigned32
MAX-ACCESS read-only MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address type actually translated by this mapping. "Index of a conceptual row corresponding to a mapping of the
Any value other than ipv4(1) or ipv6(2) would be unexpected. given internal realm and address to a single external realm
In the general case, this is the same as given by and address. Multiple rows will be present because of a
natv2AddressMapInternalRealmAddressType. In the promiscuous external address selection policy, policies
tunneled case it is the address type used in the associating the same internal address with different address
encapsulated packet header. In particular, in the DS-Lite pools, or because the same internal realm-address
case, the mapped address type is ipv4(1)." combination is communicating with multiple external address
REFERENCE realms."
"DS-Lite: RFC 6333." ::= { natv2AddressMapEntry 5 }
::= { natv2AddressMapEntry 6 }
natv2AddressMapInternalMappedAddress OBJECT-TYPE natv2AddressMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address actually translated by this mapping. In the "Internal address type actually translated by this mapping.
general case, this is the same as Any value other than ipv4(1) or ipv6(2) would be unexpected.
natv2AddressMapInternalRealmAddress. In the case of DS-Lite In the general case, this is the same as given by
[RFC 6333], this is the source address of the encapsulated natv2AddressMapInternalRealmAddressType. In the
IPv4 packet, normally lying the well-known range tunneled case it is the address type used in the
192.0.0.0/29. The mapping in this case is considered to be encapsulated packet header. In particular, in the DS-Lite
from the combination of the IPv6 tunnel source address case, the mapped address type is ipv4(1)."
natv2AddressMapInternalRealmAddress and the well-known IPv4 REFERENCE
inner source address natv2AddressMapInternalMappedAddress to "DS-Lite: RFC 6333."
the external address." ::= { natv2AddressMapEntry 6 }
REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2AddressMapEntry 7 }
natv2AddressMapExternalRealm OBJECT-TYPE natv2AddressMapInternalMappedAddress OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"External address realm to which this mapping maps the "Internal address actually translated by this mapping. In the
internal address. This can be the same as the internal realm general case, this is the same as
in the case of a 'hairpin' connection, but otherwise will be natv2AddressMapInternalRealmAddress. In the case of DS-Lite
different." [RFC 6333], this is the source address of the encapsulated
::= { natv2AddressMapEntry 8 } IPv4 packet, normally lying the well-known range
192.0.0.0/29. The mapping in this case is considered to be
from the combination of the IPv6 tunnel source address
natv2AddressMapInternalRealmAddress and the well-known IPv4
inner source address natv2AddressMapInternalMappedAddress to
the external address."
REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2AddressMapEntry 7 }
natv2AddressMapExternalAddressType OBJECT-TYPE natv2AddressMapExternalRealm OBJECT-TYPE
SYNTAX InetAddressType SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for the external realm. Any value other than "External address realm to which this mapping maps the
ipv4(1) or ipv6(2) would be unexpected." internal address. This can be the same as the internal realm
::= { natv2AddressMapEntry 9 } in the case of a 'hairpin' connection, but otherwise will be
different."
::= { natv2AddressMapEntry 8 }
natv2AddressMapExternalAddress OBJECT-TYPE natv2AddressMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"External address to which the internal address is mapped. "Address type for the external realm. Any value other than
ipv4(1) or ipv6(2) would be unexpected."
::= { natv2AddressMapEntry 9 }
In the DS-Lite case, the mapping is from the combination of natv2AddressMapExternalAddress OBJECT-TYPE
the internal IPv6 tunnel source address as presented in this SYNTAX InetAddress
table and the well-known IPv4 source address of the MAX-ACCESS read-only
encapsulated IPv4 packet." STATUS current
REFERENCE DESCRIPTION
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "External address to which the internal address is mapped.
Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables."
::= { natv2AddressMapEntry 10 }
natv2AddressMapExternalPoolIndex OBJECT-TYPE In the DS-Lite case, the mapping is from the combination of
SYNTAX Natv2PoolIndexOrZero the internal IPv6 tunnel source address as presented in this
MAX-ACCESS read-only table and the well-known IPv4 source address of the
STATUS current encapsulated IPv4 packet."
DESCRIPTION REFERENCE
"Index of the address pool in the external realm from which "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
the mapped external address given in Section 6.6 on the need to have the IPv6 tunnel address in
natv2AddressMapExternalAddress was taken. Zero if the the NAT mapping tables."
implementation does not support address pools but has chosen ::= { natv2AddressMapEntry 10 }
to support this object, or if no pool was configured for the
given external realm."
::= { natv2AddressMapEntry 11 }
natv2AddressMapSubscriberIndex OBJECT-TYPE natv2AddressMapExternalPoolIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the subscriber to which this address mapping "Index of the address pool in the external realm from which
applies, or zero if no subscribers are configured on the mapped external address given in
this NAT instance." natv2AddressMapExternalAddress was taken. Zero if the
::= { natv2AddressMapEntry 12 } implementation does not support address pools but has chosen
to support this object, or if no pool was configured for the
given external realm."
::= { natv2AddressMapEntry 11 }
-- natv2PortMapTable natv2AddressMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the subscriber to which this address mapping
applies, or zero if no subscribers are configured on
this NAT instance."
::= { natv2AddressMapEntry 12 }
natv2PortMapTable OBJECT-TYPE -- natv2PortMapTable
SYNTAX SEQUENCE OF Natv2PortMapEntry natv2PortMapTable OBJECT-TYPE
MAX-ACCESS not-accessible SYNTAX SEQUENCE OF Natv2PortMapEntry
STATUS current MAX-ACCESS not-accessible
DESCRIPTION STATUS current
"Table of port map entries indexed by NAT instance, protocol, DESCRIPTION
and external realm and address. A port map entry associates "Table of port map entries indexed by NAT instance, protocol,
an internal upper layer protocol endpoint with an endpoint and external realm and address. A port map entry associates
for the same protocol in the given external realm. By an internal upper layer protocol endpoint with an endpoint
definition, this is a snapshot of NAT instance state at a for the same protocol in the given external realm. By
given moment. The table provides the basic mapping definition, this is a snapshot of NAT instance state at a
information. given moment. The table provides the basic mapping
information.
In the case of DS-Lite [RFC 6333], the table provides the In the case of DS-Lite [RFC 6333], the table provides the
internal IPv6 tunnel source address in internal IPv6 tunnel source address in
natv2PortMapInternalRealmAddress and the IPv4 source address natv2PortMapInternalRealmAddress and the IPv4 source address
of the encapsulated packet that is actually translated in of the encapsulated packet that is actually translated in
natv2PortMapInternalMappedAddress. In the general (non-DS- natv2PortMapInternalMappedAddress. In the general (non-DS-
Lite) case, those two objects will have the same value." Lite) case, those two objects will have the same value."
REFERENCE REFERENCE
"RFC yyyy Section 3.3.9. DS-Lite: RFC 6333, Section 5.7 for "RFC yyyy Section 3.3.9. DS-Lite: RFC 6333, Section 5.7 for
well-known addresses and Section 6.6 on the need to have the well-known addresses and Section 6.6 on the need to have the
IPv6 tunnel address in the NAT mapping tables." IPv6 tunnel address in the NAT mapping tables."
::= { natv2MIBInstanceObjects 6 } ::= { natv2MIBInstanceObjects 6 }
natv2PortMapEntry OBJECT-TYPE natv2PortMapEntry OBJECT-TYPE
SYNTAX Natv2PortMapEntry SYNTAX Natv2PortMapEntry
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"A single NAT mapping." "A single NAT mapping."
INDEX { natv2PortMapInstanceIndex, INDEX { natv2PortMapInstanceIndex,
natv2PortMapProtocol, natv2PortMapProtocol,
natv2PortMapExternalRealm, natv2PortMapExternalRealm,
natv2PortMapExternalAddressType, natv2PortMapExternalAddressType,
natv2PortMapExternalAddress, natv2PortMapExternalAddress,
natv2PortMapExternalPort } natv2PortMapExternalPort }
::= { natv2PortMapTable 1 } ::= { natv2PortMapTable 1 }
Natv2PortMapEntry ::= Natv2PortMapEntry ::=
SEQUENCE { SEQUENCE {
natv2PortMapInstanceIndex Natv2InstanceIndex, natv2PortMapInstanceIndex Natv2InstanceIndex,
natv2PortMapProtocol ProtocolNumber, natv2PortMapProtocol ProtocolNumber,
natv2PortMapExternalRealm SnmpAdminString, natv2PortMapExternalRealm SnmpAdminString,
natv2PortMapExternalAddressType InetAddressType, natv2PortMapExternalAddressType InetAddressType,
natv2PortMapExternalAddress InetAddress, natv2PortMapExternalAddress InetAddress,
natv2PortMapExternalPort InetPortNumber, natv2PortMapExternalPort InetPortNumber,
natv2PortMapInternalRealm SnmpAdminString, natv2PortMapInternalRealm SnmpAdminString,
natv2PortMapInternalAddressType InetAddressType, natv2PortMapInternalAddressType InetAddressType,
natv2PortMapInternalAddress InetAddress, natv2PortMapInternalAddress InetAddress,
natv2PortMapInternalMappedAddressType InetAddressType, natv2PortMapInternalMappedAddressType InetAddressType,
natv2PortMapInternalMappedAddress InetAddress, natv2PortMapInternalMappedAddress InetAddress,
natv2PortMapInternalPort InetPortNumber, natv2PortMapInternalPort InetPortNumber,
natv2PortMapExternalPoolIndex Natv2PoolIndexOrZero, natv2PortMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2PortMapSubscriberIndex Natv2SubscriberIndexOrZero natv2PortMapSubscriberIndex Natv2SubscriberIndexOrZero
} }
natv2PortMapInstanceIndex OBJECT-TYPE natv2PortMapInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Index of the NAT instance that created this port map entry." "Index of the NAT instance that created this port map entry."
::= { natv2PortMapEntry 1 } ::= { natv2PortMapEntry 1 }
natv2PortMapProtocol OBJECT-TYPE natv2PortMapProtocol OBJECT-TYPE
SYNTAX ProtocolNumber SYNTAX ProtocolNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The map entry's upper layer protocol number." "The map entry's upper layer protocol number."
::= { natv2PortMapEntry 2 } ::= { natv2PortMapEntry 2 }
natv2PortMapExternalRealm OBJECT-TYPE natv2PortMapExternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The realm to which natv2PortMapExternalAddress belongs." "The realm to which natv2PortMapExternalAddress belongs."
::= { natv2PortMapEntry 3 } ::= { natv2PortMapEntry 3 }
natv2PortMapExternalAddressType OBJECT-TYPE natv2PortMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for the external realm. A value other "Address type for the external realm. A value other
than ipv4(1) or ipv6(2) would be unexpected." than ipv4(1) or ipv6(2) would be unexpected."
::= { natv2PortMapEntry 4 } ::= { natv2PortMapEntry 4 }
natv2PortMapExternalAddress OBJECT-TYPE natv2PortMapExternalAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16)) SYNTAX InetAddress (SIZE (0..16))
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's assigned external address. (This address is "The mapping's assigned external address. (This address is
taken from the address pool identified by taken from the address pool identified by
natv2PortMapExternalPoolIndex, if the implementation natv2PortMapExternalPoolIndex, if the implementation
supports address pools and pools are configured for the supports address pools and pools are configured for the
given external realm.) This is the source address for given external realm.) This is the source address for
translated outgoing packets." translated outgoing packets."
::= { natv2PortMapEntry 5 } ::= { natv2PortMapEntry 5 }
natv2PortMapExternalPort OBJECT-TYPE natv2PortMapExternalPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS not-accessible MAX-ACCESS not-accessible
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's assigned external port number. This is the "The mapping's assigned external port number. This is the
source port for translated outgoing packets. If the internal source port for translated outgoing packets. If the internal
port number given by natv2PortMapInternalPort is zero this port number given by natv2PortMapInternalPort is zero this
value MUST also be zero. Otherwise this MUST be a non-zero value MUST also be zero. Otherwise this MUST be a non-zero
value." value."
::= { natv2PortMapEntry 6 } ::= { natv2PortMapEntry 6 }
natv2PortMapInternalRealm OBJECT-TYPE natv2PortMapInternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32)) SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The realm to which natv2PortMapInternalRealmAddress belongs. "The realm to which natv2PortMapInternalRealmAddress belongs.
In the general case, this realm contains the address that is In the general case, this realm contains the address that is
being translated. In the DS-Lite [RFC 6333] case, this realm being translated. In the DS-Lite [RFC 6333] case, this realm
defines the IPv6 address space from which the tunnel source defines the IPv6 address space from which the tunnel source
address is taken. The realm of the encapsulated IPv4 address address is taken. The realm of the encapsulated IPv4 address
is restricted in scope to the tunnel, so there is no point is restricted in scope to the tunnel, so there is no point
in identifying it separately." in identifying it separately."
REFERENCE REFERENCE
"RFC 6333 DS-Lite." "RFC 6333 DS-Lite."
::= { natv2PortMapEntry 7 } ::= { natv2PortMapEntry 7 }
natv2PortMapInternalAddressType OBJECT-TYPE natv2PortMapInternalAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Address type for addresses in the realm identified by "Address type for addresses in the realm identified by
natv2PortMapInternalRealm." natv2PortMapInternalRealm."
::= { natv2PortMapEntry 8 } ::= { natv2PortMapEntry 8 }
natv2PortMapInternalAddress OBJECT-TYPE natv2PortMapInternalAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Source address for packets received under this mapping on "Source address for packets received under this mapping on
the internal side of the NAT instance. In the general case the internal side of the NAT instance. In the general case
this address is the same as the address given in this address is the same as the address given in
natv2PortMapInternalMappedAddress. In the DS-Lite case, natv2PortMapInternalMappedAddress. In the DS-Lite case,
natv2PortMapInternalAddress is the IPv6 tunnel source natv2PortMapInternalAddress is the IPv6 tunnel source
address." address."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables." the NAT mapping tables."
::= { natv2PortMapEntry 9 } ::= { natv2PortMapEntry 9 }
natv2PortMapInternalMappedAddressType OBJECT-TYPE natv2PortMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddressType SYNTAX InetAddressType
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address type actually translated by this mapping. "Internal address type actually translated by this mapping.
Any value other than ipv4(1) or ipv6(2) would be unexpected. Any value other than ipv4(1) or ipv6(2) would be unexpected.
In the general case, this is the same as given by In the general case, this is the same as given by
natv2AddressMapInternalAddressType. In the DS-Lite natv2AddressMapInternalAddressType. In the DS-Lite
case, the address type is ipv4(1)." case, the address type is ipv4(1)."
REFERENCE REFERENCE
"DS-Lite: RFC 6333." "DS-Lite: RFC 6333."
::= { natv2PortMapEntry 10 } ::= { natv2PortMapEntry 10 }
natv2PortMapInternalMappedAddress OBJECT-TYPE natv2PortMapInternalMappedAddress OBJECT-TYPE
SYNTAX InetAddress SYNTAX InetAddress
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Internal address actually translated by this mapping. In the "Internal address actually translated by this mapping. In the
general case, this is the same as general case, this is the same as
natv2PortMapInternalRealmAddress. In the case of DS-Lite natv2PortMapInternalRealmAddress. In the case of DS-Lite
[RFC 6333], this is the source address of the encapsulated [RFC 6333], this is the source address of the encapsulated
IPv4 packet, normally selected from the well-known range IPv4 packet, normally selected from the well-known range
192.0.0.0/29. The mapping in this case is considered to be 192.0.0.0/29. The mapping in this case is considered to be
from the external address to the combination of the IPv6 from the external address to the combination of the IPv6
tunnel source address natv2PortMapInternalRealmAddress and tunnel source address natv2PortMapInternalRealmAddress and
the well-known IPv4 inner source address the well-known IPv4 inner source address
natv2PortMapInternalMappedAddress." natv2PortMapInternalMappedAddress."
REFERENCE REFERENCE
"DS-Lite: RFC 6333, Section 5.7 for well-known addresses and "DS-Lite: RFC 6333, Section 5.7 for well-known addresses and
Section 6.6 on the need to have the IPv6 tunnel address in Section 6.6 on the need to have the IPv6 tunnel address in
the NAT mapping tables." the NAT mapping tables."
::= { natv2PortMapEntry 11 } ::= { natv2PortMapEntry 11 }
natv2PortMapInternalPort OBJECT-TYPE natv2PortMapInternalPort OBJECT-TYPE
SYNTAX InetPortNumber SYNTAX InetPortNumber
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"The mapping's internal port number. If this is zero, ports "The mapping's internal port number. If this is zero, ports
are not translated (i.e., the NAT instance is a pure NAT are not translated (i.e., the NAT instance is a pure NAT
rather than a NAPT)." rather than a NAPT)."
::= { natv2PortMapEntry 12 } ::= { natv2PortMapEntry 12 }
natv2PortMapExternalPoolIndex OBJECT-TYPE natv2PortMapExternalPoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndexOrZero SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Identifies the address pool from which the external address "Identifies the address pool from which the external address
in this port map entry was taken. Zero if the implementation in this port map entry was taken. Zero if the implementation
does not support address pools but has chosen to support does not support address pools but has chosen to support
this object, or if no pools are configured for the given this object, or if no pools are configured for the given
external realm." external realm."
::= { natv2PortMapEntry 13 } ::= { natv2PortMapEntry 13 }
natv2PortMapSubscriberIndex OBJECT-TYPE natv2PortMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only MAX-ACCESS read-only
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Subscriber using this map entry. Zero if the implementation "Subscriber using this map entry. Zero if the implementation
does not support subscribers but has chosen to support does not support subscribers but has chosen to support
this object." this object."
::= { natv2PortMapEntry 14 } ::= { natv2PortMapEntry 14 }
-- Conformance section. Specifies three cumulatively more extensive -- Conformance section. Specifies three cumulatively more extensive
-- applications: basic NAT, pooled NAT, and carrier grade NAT -- applications: basic NAT, pooled NAT, and carrier grade NAT
natv2MIBConformance OBJECT IDENTIFIER ::= { natv2MIB 3 } natv2MIBConformance OBJECT IDENTIFIER ::= { natv2MIB 3 }
natv2MIBCompliances OBJECT IDENTIFIER ::= { natv2MIBConformance 1 } natv2MIBCompliances OBJECT IDENTIFIER ::= { natv2MIBConformance 1 }
natv2MIBGroups OBJECT IDENTIFIER ::= { natv2MIBConformance 2 } natv2MIBGroups OBJECT IDENTIFIER ::= { natv2MIBConformance 2 }
natv2MIBBasicCompliance MODULE-COMPLIANCE natv2MIBBasicCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the basic NAT "Describes the requirements for conformance to the basic NAT
application of NATv2 MIB." application of NATv2 MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup, MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup natv2BasicInstanceLevelGroup
} }
GROUP natv2BasicNotificationGroup GROUP natv2BasicNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all "The natv2BasicNotificationGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2BasicInstanceLevelGroup GROUP natv2BasicInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all "The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications." NAT applications."
::= { natv2MIBCompliances 1 } ::= { natv2MIBCompliances 1 }
natv2MIBPooledNATCompliance MODULE-COMPLIANCE natv2MIBPooledNATCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the pooled NAT "Describes the requirements for conformance to the pooled NAT
application of NATv2-MIB." application of NATv2-MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup, MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup, natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup, natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup natv2PooledInstanceLevelGroup
} }
GROUP natv2BasicNotificationGroup GROUP natv2BasicNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all "The natv2BasicNotificationGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2BasicInstanceLevelGroup GROUP natv2BasicInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all "The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2PooledNotificationGroup GROUP natv2PooledNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2PooledNotificationGroup is mandatory for "The natv2PooledNotificationGroup is mandatory for
the pooled and CGN applications." the pooled and CGN applications."
GROUP natv2PooledInstanceLevelGroup GROUP natv2PooledInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2PooledInstanceLevelGroup is mandatory for "The natv2PooledInstanceLevelGroup is mandatory for
the pooled and CGN applications." the pooled and CGN applications."
::= { natv2MIBCompliances 2 } ::= { natv2MIBCompliances 2 }
natv2MIBCGNCompliance MODULE-COMPLIANCE natv2MIBCGNCompliance MODULE-COMPLIANCE
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Describes the requirements for conformance to the "Describes the requirements for conformance to the
carrier grade NAT application of NATv2-MIB." carrier grade NAT application of NATv2-MIB."
MODULE -- this module MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup, MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup, natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup, natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup, natv2PooledInstanceLevelGroup,
natv2CGNNotificationGroup, natv2CGNNotificationGroup,
natv2CGNDeviceLevelGroup, natv2CGNDeviceLevelGroup,
natv2CGNInstanceLevelGroup natv2CGNInstanceLevelGroup
} }
GROUP natv2BasicNotificationGroup GROUP natv2BasicNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2BasicNotificationGroup is mandatory for all "The natv2BasicNotificationGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2BasicInstanceLevelGroup GROUP natv2BasicInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2BasicInstanceLevelGroup is mandatory for all "The natv2BasicInstanceLevelGroup is mandatory for all
NAT applications." NAT applications."
GROUP natv2PooledNotificationGroup GROUP natv2PooledNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2PooledNotificationGroup is mandatory for "The natv2PooledNotificationGroup is mandatory for
the pooled and CGN applications." the pooled and CGN applications."
GROUP natv2PooledInstanceLevelGroup GROUP natv2PooledInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2PooledInstanceLevelGroup is mandatory for "The natv2PooledInstanceLevelGroup is mandatory for
the pooled and CGN applications." the pooled and CGN applications."
GROUP natv2CGNNotificationGroup GROUP natv2CGNNotificationGroup
DESCRIPTION DESCRIPTION
"The natv2CGNNotificationGroup is mandatory "The natv2CGNNotificationGroup is mandatory
for the carrier grade NAT application." for the carrier grade NAT application."
GROUP natv2CGNDeviceLevelGroup GROUP natv2CGNDeviceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2CGNDeviceLevelGroup is mandatory "The natv2CGNDeviceLevelGroup is mandatory
for the carrier grade NAT application." for the carrier grade NAT application."
GROUP natv2CGNInstanceLevelGroup GROUP natv2CGNInstanceLevelGroup
DESCRIPTION DESCRIPTION
"The natv2CGNInstanceLevelGroup is mandatory "The natv2CGNInstanceLevelGroup is mandatory
for the carrier grade NAT application." for the carrier grade NAT application."
::= { natv2MIBCompliances 3 } ::= { natv2MIBCompliances 3 }
-- Groups -- Groups
natv2BasicNotificationGroup NOTIFICATION-GROUP natv2BasicNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
natv2NotificationInstanceAddressMapEntriesHigh, natv2NotificationInstanceAddressMapEntriesHigh,
natv2NotificationInstancePortMapEntriesHigh natv2NotificationInstancePortMapEntriesHigh
}
STATUS current
DESCRIPTION
"Notifications that MUST be supported by all NAT
applications."
::= { natv2MIBGroups 1 }
} natv2BasicInstanceLevelGroup OBJECT-GROUP
STATUS current OBJECTS {
DESCRIPTION -- from natv2InstanceTable
"Notifications that MUST be supported by all NAT natv2InstanceAlias,
applications." natv2InstancePortMappingBehavior,
::= { natv2MIBGroups 1 } natv2InstanceFilteringBehavior,
natv2InstanceFragmentBehavior,
natv2InstanceAddressMapEntries,
natv2InstancePortMapEntries,
natv2InstanceTranslations,
natv2InstanceAddressMapCreations,
natv2InstanceAddressMapEntryLimitDrops,
natv2InstanceAddressMapFailureDrops,
natv2InstancePortMapCreations,
natv2InstancePortMapEntryLimitDrops,
natv2InstancePortMapFailureDrops,
natv2InstanceFragmentDrops,
natv2InstanceOtherResourceFailureDrops,
natv2InstanceDiscontinuityTime,
natv2InstanceThresholdAddressMapEntriesHigh,
natv2InstanceThresholdPortMapEntriesHigh,
natv2InstanceNotificationInterval,
natv2InstanceLimitAddressMapEntries,
natv2InstanceLimitPortMapEntries,
natv2InstanceLimitPendingFragments,
-- from natv2ProtocolTable
natv2ProtocolPortMapEntries,
natv2ProtocolTranslations,
natv2ProtocolPortMapCreations,
natv2ProtocolPortMapFailureDrops,
-- from natv2AddressMapTable
natv2AddressMapExternalRealm,
natv2AddressMapExternalAddressType,
natv2AddressMapExternalAddress,
-- from natv2PortMapTable
natv2PortMapInternalRealm,
natv2PortMapInternalAddressType,
natv2PortMapInternalAddress,
natv2PortMapInternalPort
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of all NAT applications."
natv2BasicInstanceLevelGroup OBJECT-GROUP ::= { natv2MIBGroups 2 }
OBJECTS {
-- from natv2InstanceTable
natv2InstanceAlias,
natv2InstancePortMappingBehavior,
natv2InstanceFilteringBehavior,
natv2InstanceFragmentBehavior,
natv2InstanceAddressMapEntries,
natv2InstancePortMapEntries,
natv2InstanceTranslations,
natv2InstanceAddressMapCreations,
natv2InstanceAddressMapEntryLimitDrops,
natv2InstanceAddressMapFailureDrops,
natv2InstancePortMapCreations,
natv2InstancePortMapEntryLimitDrops,
natv2InstancePortMapFailureDrops,
natv2InstanceFragmentDrops,
natv2InstanceOtherResourceFailureDrops,
natv2InstanceDiscontinuityTime,
natv2InstanceThresholdAddressMapEntriesHigh,
natv2InstanceThresholdPortMapEntriesHigh,
natv2InstanceNotificationInterval,
natv2InstanceLimitAddressMapEntries,
natv2InstanceLimitPortMapEntries,
natv2InstanceLimitPendingFragments,
-- from natv2ProtocolTable
natv2ProtocolPortMapEntries,
natv2ProtocolTranslations,
natv2ProtocolPortMapCreations,
natv2ProtocolPortMapFailureDrops,
-- from natv2AddressMapTable
natv2AddressMapExternalRealm,
natv2AddressMapExternalAddressType,
natv2AddressMapExternalAddress,
-- from natv2PortMapTable
natv2PortMapInternalRealm,
natv2PortMapInternalAddressType,
natv2PortMapInternalAddress,
natv2PortMapInternalPort
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of all NAT applications."
::= { natv2MIBGroups 2 }
natv2PooledNotificationGroup NOTIFICATION-GROUP natv2PooledNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
natv2NotificationPoolUsageLow, natv2NotificationPoolUsageLow,
natv2NotificationPoolUsageHigh natv2NotificationPoolUsageHigh
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notifications that MUST be supported by pooled and "Notifications that MUST be supported by pooled and
carrier-grade NAT applications." carrier-grade NAT applications."
::= { natv2MIBGroups 3 } ::= { natv2MIBGroups 3 }
natv2PooledInstanceLevelGroup OBJECT-GROUP natv2PooledInstanceLevelGroup OBJECT-GROUP
OBJECTS { OBJECTS {
-- from natv2InstanceTable -- from natv2InstanceTable
natv2InstancePoolingBehavior, natv2InstancePoolingBehavior,
-- from natv2PoolTable -- from natv2PoolTable
natv2PoolRealm, natv2PoolRealm,
natv2PoolAddressType, natv2PoolAddressType,
natv2PoolMinimumPort, natv2PoolMinimumPort,
natv2PoolMaximumPort, natv2PoolMaximumPort,
natv2PoolAddressMapEntries, natv2PoolAddressMapEntries,
natv2PoolPortMapEntries, natv2PoolPortMapEntries,
natv2PoolAddressMapCreations, natv2PoolAddressMapCreations,
natv2PoolPortMapCreations, natv2PoolPortMapCreations,
natv2PoolAddressMapFailureDrops, natv2PoolAddressMapFailureDrops,
natv2PoolPortMapFailureDrops, natv2PoolPortMapFailureDrops,
natv2PoolDiscontinuityTime, natv2PoolDiscontinuityTime,
natv2PoolThresholdUsageLow, natv2PoolThresholdUsageLow,
natv2PoolThresholdUsageHigh, natv2PoolThresholdUsageHigh,
natv2PoolNotifiedPortMapEntries, natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol, natv2PoolNotifiedPortMapProtocol,
natv2PoolNotificationInterval, natv2PoolNotificationInterval,
-- from natv2PoolRangeTable -- from natv2PoolRangeTable
natv2PoolRangeBegin, natv2PoolRangeBegin,
natv2PoolRangeEnd, natv2PoolRangeEnd,
-- from natv2AddressMapTable -- from natv2AddressMapTable
natv2AddressMapExternalPoolIndex, natv2AddressMapExternalPoolIndex,
-- from natv2PortMapTable -- from natv2PortMapTable
natv2PortMapExternalPoolIndex natv2PortMapExternalPoolIndex
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Per-instance objects that MUST be supported by "Per-instance objects that MUST be supported by
implementations of the pooled and carrier grade implementations of the pooled and carrier grade
NAT applications." NAT applications."
::= { natv2MIBGroups 4 } ::= { natv2MIBGroups 4 }
natv2CGNNotificationGroup NOTIFICATION-GROUP natv2CGNNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { NOTIFICATIONS {
natv2NotificationSubscriberPortMappingEntriesHigh natv2NotificationSubscriberPortMappingEntriesHigh
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Notification that MUST be supported by implementations "Notification that MUST be supported by implementations
of the carrier grade NAT application." of the carrier grade NAT application."
::= { natv2MIBGroups 5 } ::= { natv2MIBGroups 5 }
natv2CGNDeviceLevelGroup OBJECT-GROUP natv2CGNDeviceLevelGroup OBJECT-GROUP
OBJECTS { OBJECTS {
-- from table natv2SubscriberTable -- from table natv2SubscriberTable
natv2SubscriberInternalRealm, natv2SubscriberInternalRealm,
natv2SubscriberInternalPrefixType, natv2SubscriberInternalPrefixType,
natv2SubscriberInternalPrefix, natv2SubscriberInternalPrefix,
natv2SubscriberInternalPrefixLength, natv2SubscriberInternalPrefixLength,
natv2SubscriberAddressMapEntries, natv2SubscriberAddressMapEntries,
natv2SubscriberPortMapEntries, natv2SubscriberPortMapEntries,
natv2SubscriberTranslations, natv2SubscriberTranslations,
natv2SubscriberAddressMapCreations, natv2SubscriberAddressMapCreations,
natv2SubscriberPortMapCreations, natv2SubscriberPortMapCreations,
natv2SubscriberAddressMapFailureDrops, natv2SubscriberAddressMapFailureDrops,
natv2SubscriberPortMapFailureDrops, natv2SubscriberPortMapFailureDrops,
natv2SubscriberDiscontinuityTime, natv2SubscriberDiscontinuityTime,
natv2SubscriberLimitPortMapEntries, natv2SubscriberLimitPortMapEntries,
natv2SubscriberThresholdPortMapEntriesHigh, natv2SubscriberThresholdPortMapEntriesHigh,
natv2SubscriberNotificationInterval natv2SubscriberNotificationInterval
} }
STATUS current STATUS current
DESCRIPTION DESCRIPTION
"Device-level objects that MUST be supported by the "Device-level objects that MUST be supported by the
carrier-grade NAT application." carrier-grade NAT application."
::= { natv2MIBGroups 6 } ::= { natv2MIBGroups 6 }
natv2CGNInstanceLevelGroup OBJECT-GROUP natv2CGNInstanceLevelGroup OBJECT-GROUP
OBJECTS { OBJECTS {
-- from natv2InstanceTable -- from natv2InstanceTable
natv2InstanceSubscriberActiveLimitDrops, natv2InstanceSubscriberActiveLimitDrops,
natv2InstanceLimitSubscriberActives, natv2InstanceLimitSubscriberActives,
-- from natv2AddressMapTable -- from natv2AddressMapTable
natv2AddressMapInternalMappedAddressType, natv2AddressMapInternalMappedAddressType,
natv2AddressMapInternalMappedAddress, natv2AddressMapInternalMappedAddress,
natv2AddressMapSubscriberIndex, natv2AddressMapSubscriberIndex,
-- from natv2PortMapTable
natv2PortMapInternalMappedAddressType,
natv2PortMapInternalMappedAddress,
natv2PortMapSubscriberIndex
-- from natv2PortMapTable }
natv2PortMapInternalMappedAddressType, STATUS current
natv2PortMapInternalMappedAddress, DESCRIPTION
natv2PortMapSubscriberIndex "Per-instance objects that MUST be supported by the
} carrier grade NAT application."
STATUS current ::= { natv2MIBGroups 7 }
DESCRIPTION
"Per-instance objects that MUST be supported by the
carrier grade NAT application."
::= { natv2MIBGroups 7 }
END END
5. Operational and Management Considerations 5. Operational and Management Considerations
This section covers two particular areas of operations and This section covers two particular areas of operations and
management: configuration requirements, and transition from or management: configuration requirements, and transition from or
coexistence with the [RFC4008] MIB module. coexistence with the [RFC4008] MIB module.
5.1. Configuration Requirements 5.1. Configuration Requirements
This MIB module assumes that the following information is configured This MIB module assumes that the following information is configured
 End of changes. 260 change blocks. 
2458 lines changed or deleted 2446 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/