Network Working Group Y. Fu
Internet Draft Sh. Jiang
Intended status: Standards Track Huawei Technologies Co., Ltd
Expires: November 4, 2011 Y. Cui
J.Dong
Tsinghua University
May 4, 2011
DS-Lite Management Information Base (MIB)
draft-fu-softwire-dslite-mib-00
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute working
documents as Internet-Drafts. The list of current Internet-Drafts is
at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 27, 2011.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Fu, et al. Expires November 4, 2011 [Page 1]
Internet-Draft draft-fu-softwire-dslite-mib-00.txt May 2011
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it defines managed objects for DS-Lite.
Table of Contents
1. Introduction
2. The Internet-Standard Management Framework
3. Terminology
4. Difference from the IP tunnel MIB and NAT MIB
5. Structure of the MIB Module
   5.1. The DSliteMIBTunnel Subtree
   5.2. The DSliteMIBNAT Subtree
   5.3. The DSliteMIBRelationInfo Subtree
   5.4. The DSliteMIBConformance Subtree
6. MIB modules required for IMPORTS
7. Definitions
8. IANA Considerations
9. Security Considerations
10. References
   10.1. Normative References
   10.2. Informative References
11. Change Log [RFC Editor please remove]
Author's Addresses
1. Introduction
Dual-Stack Lite [I-D.ietf-softwire-dual-stack-lite] is a solution that
offers both IPv4 and IPv6 connectivity to customers across an
IPv6-only infrastructure. One of its key components is an
IPv4-over-IPv6 tunnel, which provides IPv4 connectivity across the
service provider's IPv6 network. Another key component is a
carrier-grade IPv4-IPv4 NAT that shares service provider IPv4
addresses among customers.
This document defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet
community. This MIB module may be used for configuring and
monitoring devices in the Dual-Stack Lite scenario.
2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current
Internet-Standard Management Framework, please refer to section 7 of
[RFC3410].
Managed objects are accessed via a virtual information store, termed
the MIB. MIB objects are generally accessed through the Simple
Network Management Protocol (SNMP).
Objects in the MIB are defined using the mechanisms defined in the
Structure of Management Information (SMI). This memo specifies a MIB
module that is compliant to the SMIv2, which is described in
[RFC2578], [RFC2579] and [RFC2580].
3. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
4. Difference from the IP tunnel MIB and NAT MIB
The key technologies for DS-Lite are the IP in IP (IPv4-in-IPv6)
tunnel and NAT (IPv4 to IPv4 translation).
The NAT-MIB [RFC4008] is designed to carry translation from any
address family to any address family, and therefore supports IPv4 to
IPv4 translation.
The tunnel MIB [RFC4087] is designed for managing tunnels of any type
over IPv4 and IPv6 networks, and therefore supports IP in IP tunnels.
However, NAT MIB and tunnel MIB together are not sufficient to
support DS-Lite. This document describes the specific MIB
requirements for DS-Lite, as below.
In the DS-Lite scenario, the tunnel type is IP in IP, more
precisely IPv4 in IPv6. Therefore, it is unnecessary to
describe the tunnel type in the DS-Lite MIB.
In the DS-Lite scenario, the translation type is IPv4 private
address to IPv4 public address. Therefore, it is unnecessary to
describe the type of address in the corresponding
tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress objects
in the DS-Lite MIB.
In the DS-Lite scenario, the AFTR is not only the tunnel end
concentrator, but also a 4-4 translator. Within the AFTR,
tunnel information and translation information MUST be mapped
to each other. Two independent MIBs are not able to reflect this
mapping relationship. Therefore, a combined MIB is necessary.
5. Structure of the MIB Module
The DS-Lite MIB provides a way to configure and manage the devices in
the DS-Lite scenario through SNMP.
The DS-Lite MIB is configurable on a per-interface basis. It depends
on several parts of the IF-MIB [RFC2863], tunnel MIB [RFC4087], and
NAT MIB [RFC4008].
5.1. The DSliteMIBTunnel Subtree
The DSliteMIBTunnel subtree describes managed objects used for
managing tunnels in the DS-Lite scenario. Because the tunnel MIB
supports the tunnel management function in DS-Lite, we may reuse it
in DS-Lite MIB.
5.2. The DSliteMIBNAT Subtree
The DSliteMIBNAT subtree describes managed objects used for
configuring and monitoring an AFTR that performs the NAT function.
Because the NAT MIB supports the NAT management function in
DS-Lite, we MAY reuse it in DS-Lite MIB.
5.3. The DSliteMIBRelationInfo Subtree
The DSliteMIBRelationInfo subtree provides the mapping
relationship between the tunnel MIB and NAT MIB. It is vital
information for DS-Lite implementers. It also includes
traffic statistics.
5.4. The DSliteMIBConformance Subtree
The Subtree provides conformance information of MIB objects.
6. MIB modules required for IMPORTS
This MIB module IMPORTs objects from [RFC4087], [RFC4008], [RFC2580],
[RFC2578], [RFC2863], [RFC4001], and [RFC3411].
Note: The IF-MIB defines the MTU for each interface, including
the virtual interface of the tunnel, so the DS-Lite MIB does not need
to define the MTU for the tunnel.
7. Definitions
DSLite-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, mib-2, transmission,
Gauge32, Counter32, Counter64, IpAddress
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP
FROM SNMPv2-CONF
ifIndex
FROM IF-MIB
InetAddress, InetPortNumber
FROM INET-ADDRESS-MIB
tunnelMIB
FROM TUNNEL-MIB -- [RFC4087]
natMIB
FROM NAT-MIB; -- [RFC4008]
DSLiteMIB MODULE-IDENTITY
LAST-UPDATED "201104260000Z" -- April 26, 2011
ORGANIZATION "IETF Softwire Working Group"
CONTACT-INFO
"Yu Fu
Huawei Technologies Co., Ltd
Huawei Building, No.3 Xinxi Rd, Hai-Dian District
Beijing, P.R. China 100085
EMail: fy@huawei.com
Sheng Jiang
Huawei Technologies Co., Ltd
Huawei Building, No.3 Xinxi Rd, Hai-Dian District
Beijing, P.R. China 100085
EMail: jiangsheng@huawei.com
Yong Cui
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R. China
Email: yong@csnet1.cs.tsinghua.edu.cn
Jiang Dong
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R. China
Email: dongjiang@csnet1.cs.tsinghua.edu.cn"
DESCRIPTION
"The MIB module is defined for management of objects in the
DS-Lite scenario."
::= { transmission xxx } -- xxx to be replaced with correct value
DSLiteMIBRelationInfo OBJECT IDENTIFIER
::= { DSLiteMIB 1 }
--Conformance
DSLiteMIBConformance OBJECT IDENTIFIER
::= { DSLiteMIB 2 }
--DSLiteMIBRelationInfo
--DSLiteMIBBindRelationTable Table
--DSLiteMIBPortBindRelationTable Table
DSLiteMIBBindRelationTable OBJECT-TYPE
SYNTAX SEQUENCE OF DSLiteMIBBindRelationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing mapping information
between tunnel information and currently active NAT BINDs.
This table can be used to map the tunnel initiator to
natAddrBindEntry."
::= { DSLiteMIBRelationInfo 1 }
DSLiteMIBBindRelationEntry OBJECT-TYPE
SYNTAX DSLiteMIBBindRelationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table holds the relationship between
tunnel information and nat bind information. These entries
are lost upon agent restart."
INDEX { ifIndex,
natAddrBindLocalAddr,
tunnelIfLocalAddress }
::= { DSLiteMIBBindRelationTable 1 }
DSLiteMIBBindRelationEntry ::=
SEQUENCE {
NatAddrBindEntry NatAddrBindEntry,
tunnelIfLocalAddress IpAddress,
DSLiteMIBBindNumberOfTunnel Gauge32,
DSLiteMIBBindInIPv6Packets Counter32,
DSLiteMIBBindOutIPv6Packets Counter32,
DSLiteMIBBindOutIPv4Packets Counter32,
DSLiteMIBBindInIPv6Bytes Counter64,
DSLiteMIBBindOutIPv4Bytes Counter64,
DSLiteMIBBindOutIPv6Bytes Counter64
}
DSLiteMIBBindNumberOfTunnel OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object maintains a count of the number of tunnels
that currently exist with the same endpoint, AFTR."
::= { DSLiteMIBBindRelationEntry 3 }
DSLiteMIBBindInIPv6Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Packets received by
the AFTR. These IPv6 packets include native IPv6 packets
and IPv6 packets encapsulated from IPv4 packets sent by the
tunnel initiator."
::= { DSLiteMIBBindRelationEntry 4 }
DSLiteMIBBindOutIPv6Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Packets forwarded by
the AFTR. These IPv6 packets are native IPv6 packets
received in AFTR."
::= { DSLiteMIBBindRelationEntry 5 }
DSLiteMIBBindOutIPv4Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv4 Packets sent by
the AFTR. These IPv4 packets are decapsulated packets from
encapsulated IPv6 packets."
::= { DSLiteMIBBindRelationEntry 6 }
DSLiteMIBBindInIPv6Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Bytes forwarded by
the AFTR."
::= { DSLiteMIBBindRelationEntry 7 }
DSLiteMIBBindOutIPv6Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Bytes received by
AFTR."
::= { DSLiteMIBBindRelationEntry 8 }
DSLiteMIBBindOutIPv4Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv4 Bytes sent by
AFTR."
::= { DSLiteMIBBindRelationEntry 9 }
DSLiteMIBPortBindRelationTable OBJECT-TYPE
SYNTAX SEQUENCE OF DSLiteMIBPortBindRelationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing mapping information
between tunnel information and currently active NAPT BINDs.
This table can be used to map the tunnel initiator to
natAddrPortBindEntry."
::= { DSLiteMIBRelationInfo 2 }
DSLiteMIBPortBindRelationEntry OBJECT-TYPE
SYNTAX DSLiteMIBPortBindRelationEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table holds the relationship between
tunnel information and nat bind information. These entries
are lost upon agent restart."
INDEX { ifIndex,
natAddrPortBindLocalAddr,
natAddrPortBindLocalPort,
tunnelIfLocalAddress }
::= { DSLiteMIBPortBindRelationTable 1 }
DSLiteMIBPortBindRelationEntry ::=
SEQUENCE {
natAddrPortBindEntry natAddrPortBindEntry,
tunnelIfLocalAddress IpAddress,
DSLiteMIBPortBindNumberOfTunnel Gauge32,
DSLiteMIBPortBindInIPv6Packets Counter32,
DSLiteMIBPortBindOutIPv6Packets Counter32,
DSLiteMIBPortBindOutIPv4Packets Counter32,
DSLiteMIBPortBindInIPv6Bytes Counter64,
DSLiteMIBPortBindOutIPv4Bytes Counter64,
DSLiteMIBPortBindOutIPv6Bytes Counter64
}
DSLiteMIBPortBindNumberOfTunnel OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object maintains a count of the number of tunnels
that currently exist with the same endpoint, AFTR."
::= { DSLiteMIBPortBindRelationEntry 3 }
DSLiteMIBPortBindInIPv6Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Packets received by
the virtual interface of AFTR. These IPv6 packets include
native IPv6 packets and IPv6 packets encapsulated from IPv4
packets sent by the tunnel initiator."
::= { DSLiteMIBPortBindRelationEntry 4 }
DSLiteMIBPortBindOutIPv6Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Packets forwarded by
the AFTR. These IPv6 packets are native IPv6 packets
received in AFTR."
::= { DSLiteMIBPortBindRelationEntry 5 }
DSLiteMIBPortBindOutIPv4Packets OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv4 Packets sent by
the AFTR. These IPv4 packets are decapsulated packets from
encapsulated IPv6 packets."
::= { DSLiteMIBPortBindRelationEntry 6 }
DSLiteMIBPortBindInIPv6Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Bytes forwarded by
the AFTR."
::= { DSLiteMIBPortBindRelationEntry 7 }
DSLiteMIBPortBindOutIPv6Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv6 Bytes received by
the virtual interface of AFTR."
::= { DSLiteMIBPortBindRelationEntry 8 }
DSLiteMIBPortBindOutIPv4Bytes OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents number of IPv4 Bytes sent by
the AFTR."
::= { DSLiteMIBPortBindRelationEntry 9 }
--Module Conformance statement
DSLiteMIBGroups OBJECT IDENTIFIER
::= { DSLiteMIBConformance 1 }
DSLiteMIBCompliances OBJECT IDENTIFIER
::= { DSLiteMIBConformance 2 }
DSLiteMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Description of the requirements for conformance to the
DS-Lite MIB the AFTR."
MODULE -- this module
MANDATORY-GROUPS { DSLiteMIBRelationInfoGroup }
::= { DSLiteMIBCompliances 1 }
DSLiteMIBRelationInfoGroup OBJECT-GROUP
OBJECTS {
NatAddrBindEntry NatAddrBindEntry,
tunnelIfLocalAddress IpAddress,
DSLiteMIBBindNumberOfTunnel Gauge32,
DSLiteMIBBindInIPv6Packets Counter32,
DSLiteMIBBindOutIPv6Packets Counter32,
DSLiteMIBBindOutIPv4Packets Counter32,
DSLiteMIBBindInIPv6Bytes Counter64,
DSLiteMIBBindOutIPv4Bytes Counter64,
DSLiteMIBBindOutIPv6Bytes Counter64,
natAddrPortBindEntry natAddrPortBindEntry,
DSLiteMIBPortBindNumberOfTunnel Gauge32,
DSLiteMIBPortBindInIPv6Packets Counter32,
DSLiteMIBPortBindOutIPv6Packets Counter32,
DSLiteMIBPortBindOutIPv4Packets Counter32,
DSLiteMIBPortBindInIPv6Bytes Counter64,
DSLiteMIBPortBindOutIPv4Bytes Counter64,
DSLiteMIBPortBindOutIPv6Bytes Counter64
}
STATUS current
DESCRIPTION
"The collection of objects which are used to represent
the mapping information between tunnel information and
currently active NAT BINDs of the AFTR."
::= { DSLiteMIBGroups 1 }
END
8. IANA Considerations
The MIB module in this document uses the following IANA-assigned
OBJECT IDENTIFIER values recorded in the SMI Numbers registry:
Descriptor OBJECT IDENTIFIER value
---------- -----------------------
DSLite-MIB { transmission XXX }
9. Security Considerations
The DS-Lite MIB module can be used for configuration of certain
objects, and anything that can be configured can be incorrectly
configured, with potentially disastrous results. Because this MIB
module reuses the IP tunnel MIB and NAT MIB, the security
considerations for these MIBs are also applicable to the DS-Lite
MIB.
Unauthorized read access to tunnelIfLocalAddress, or any object in
the DSLiteMIBBindRelationTable or DSLiteMIBPortBindRelationTable
would reveal the mapping information.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPsec),
there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [RFC3410], section 8),
including full support for the SNMPv3 cryptographic mechanisms (for
authentication and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT
RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to
enable cryptographic security. It is then a customer/operator
responsibility to ensure that the SNMP entity giving access to an
instance of this MIB module is properly configured to give access to
the objects only to those principals (users) that have legitimate
rights to indeed GET or SET (change/create/delete) them.
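The following check is an added example, not part of the draft: it audits a Net-SNMP snmpd.conf on an agent exposing this MIB against the recommendations above (no pre-SNMPv3 access, authentication and privacy enabled, write access scoped to a view). The sample configuration, user names, community strings and view name are constructed for illustration.

```python
"""Audit a Net-SNMP snmpd.conf against the SNMPv3 recommendations above."""

# Constructed sample for an AFTR agent: users, communities and the view name
# are made up. .1.3.6.1.2.1.10 is the "transmission" arc; the DS-Lite MIB's
# own arc under it is still unassigned in the draft.
SAMPLE_CONF = """\
# constructed sample
rocommunity public 192.0.2.0/24
rwcommunity private
rouser monitor auth
rouser legacy noauth
rwuser aftradmin priv -V dsliteview
rwuser ops priv
view dsliteview included .1.3.6.1.2.1.10
"""

# Directives that admit SNMPv1/v2c (community-string) access.
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6",
             "com2sec", "com2sec6"}
LEVELS = {"noauth", "auth", "priv"}


def audit_snmpd_conf(text):
    """Return (line_no, code, detail) for each rule that falls short."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY:
            findings.append((no, "PRE_V3",
                             directive + ": community access, no auth or privacy"))
        elif directive in ("rouser", "rwuser"):
            if args[:1] == ["-s"]:                 # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            # snmpd requires authentication (no privacy) when no level is given
            user, rest, level = args[0], args[1:], "auth"
            if rest and rest[0].lower() in LEVELS:
                level, rest = rest[0].lower(), rest[1:]
            if level == "noauth":
                findings.append((no, "NO_AUTH",
                                 user + ": unauthenticated SNMPv3 access"))
            elif level == "auth":
                findings.append((no, "NO_PRIV",
                                 user + ": responses travel unencrypted"))
            elif directive == "rwuser" and not rest:
                findings.append((no, "UNSCOPED_WRITE",
                                 user + ": SET allowed on the whole OID tree"))
    return findings


if __name__ == "__main__":
    for no, code, detail in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {code}: {detail}")
```

Only the rwuser line that requires priv and is bound to a view passes without a finding.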
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2578] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Structure of Management Information Version 2 (SMIv2)",
RFC 2578, April 1999.
[RFC2579] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
Conventions for SMIv2", RFC 2579, April 1999.
[RFC2580] McCloghrie, K., Perkins, D., and J. Schoenwaelder,
"Conformance Statements for SMIv2", RFC 2580, April 1999.
[RFC2863] McCloghrie, K. and F. Kastenholz. "The Interfaces Group
MIB", RFC 2863, June 2000.
[RFC3411] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing Simple Network Management
Protocol (SNMP) Management Frameworks", RFC 3411, December
2002.
[RFC4001] Daniele, M., Haberman, B., Routhier, S., and J.
Schoenwaelder, "Textual Conventions for Internet Network
Addresses", RFC 4001, February 2005.
[RFC4008] Rohit, R., Srisuresh, P., Raghunarayan, R., Pai, N., and
Wang, C., "Definitions of Managed Objects for Network
Address Translators (NAT)", RFC 4008, March 2005.
[RFC4087] Thaler, D., "IP Tunnel MIB", RFC 4087, June 2005.
10.2. Informative References
[I-D.ietf-softwire-dual-stack-lite]
Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual-
Stack Lite Broadband Deployments Following IPv4
Exhaustion", draft-ietf-softwire-dual-stack-lite-08
(work in progress), August 2010.
[RFC3410] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction and Applicability Statements for Internet-
Standard Management Framework", RFC 3410, December 2002.
11. Change Log [RFC Editor please remove]
draft-fu-softwire-dslite-mib-00, original version, 2011-05-04
Author's Addresses
Yu Fu
Huawei Technologies Co., Ltd
Huawei Building, No.3 Xinxi Rd.,
Shang-Di Information Industry Base, Hai-Dian District, Beijing 100085
P.R. China
Email: fy@huawei.com
Sheng Jiang
Huawei Technologies Co., Ltd
Huawei Building, No.3 Xinxi Rd.,
Shang-Di Information Industry Base, Hai-Dian District, Beijing 100085
P.R. China
Email: shengjiang@huawei.com
Yong Cui
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R. China
Email: yong@csnet1.cs.tsinghua.edu.cn
Jiang Dong
Tsinghua University
Department of Computer Science, Tsinghua University
Beijing 100084
P.R. China
Email: dongjiang@csnet1.cs.tsinghua.edu.cn