[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 02 03 04 05 06 rfc2667                                        
Internet Engineering Task Force                           Dave Thaler
INTERNET-DRAFT                                              Microsoft
Expires January 1999                                     27 July 1998



                             IP Tunnel MIB
                  <draft-ietf-ifmib-tunnel-mib-02.txt>





Status of this Memo

This document is an Internet-Draft.  Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, and
its working groups.  Note that other groups may also distribute working
documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference material
or to cite them other than as ``work in progress.''

To learn the current status of any Internet-Draft, please check the
``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow
Directories on ftp.ietf.org (US East Coast), nic.nordu.net (Europe),
ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim).



Copyright Notice

Copyright (C) The Internet Society (1998).  All Rights Reserved.

1.  Introduction

This memo defines an experimental portion of the Management Information
Base (MIB) for use with network management protocols in the Internet
community.  In particular, it describes managed objects used for
managing tunnels of any type in IP networks, including GRE [16,17], IP-
in-IP [18], Minimal Encapsulation [19], L2TP [20], L2F [25], and PPTP
[21] tunnels.  Extension MIBs (e.g., [22]) may be designed for managing
protocol-specific objects.  Likewise, extension MIBs may be designed for





Expires January 1999                                            [Page 1]


Draft                        IP Tunnel MIB                     July 1998


managing security-specific objects (e.g., IPSEC [24]).


2.  Revision History

A record of changes which will be removed before publication.

27 July 1998

(1)  Added tunnel config table to improve support for dynamic tunnel
     creation.

(2)  Added L2F as an encapsulation method.

(3)  Added Security Considerations and copyright notice, and updated
     SNMP Framework text and references.

18 April 1997

(1)  initial version.


3.  The SNMPv2 Network Management Framework

The SNMP Management Framework presently consists of five major
components:

o    An overall architecture, described in RFC 2271 [1].

o    Mechanisms for describing and naming objects and events for the
     purpose of management. The first version of this Structure of
     Management Information (SMI) is called SMIv1 and described in RFC
     1155 [2], RFC 1212 [3] and RFC 1215 [4]. The second version, called
     SMIv2, is described in RFC 1902 [5], RFC 1903 [6] and RFC 1904 [7].

o    Message protocols for transferring management information. The
     first version of the SNMP message protocol is called SNMPv1 and
     described in RFC 1157 [8]. A second version of the SNMP message
     protocol, which is not an Internet standards track protocol, is
     called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10].
     The third version of the message protocol is called SNMPv3 and
     described in RFC 1906 [10], RFC 2272 [11] and RFC 2274 [12].

o    Protocol operations for accessing management information. The first
     set of protocol operations and associated PDU formats is described





Expires January 1999                                            [Page 2]


Draft                        IP Tunnel MIB                     July 1998


     in RFC 1157 [8]. A second set of protocol operations and associated
     PDU formats is described in RFC 1905 [13].

o    A set of fundamental applications described in RFC 2273 [14] and
     the view-based access control mechanism described in RFC 2275 [15].

Managed objects are accessed via a virtual information store, termed the
Management Information Base or MIB.  Objects in the MIB are defined
using the mechanisms defined in the SMI.

This memo specifies a MIB module that is compliant to the SMIv2. A MIB
conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of machine
readable information is not considered to change the semantics of the
MIB.


3.1.  Object Definitions

Managed objects are accessed via a virtual information store, termed the
Management Information Base or MIB.  Objects in the MIB are defined
using the subset of Abstract Syntax Notation One (ASN.1) defined in the
SMI.  In particular, each object type is named by an OBJECT IDENTIFIER,
an administratively assigned name.  The object type together with an
object instance serves to uniquely identify a specific instantiation of
the object.  For human convenience, we often use a textual string,
termed the descriptor, to refer to the object type.


4.  Overview

This MIB module contains two tables:

o    the Tunnel Interface Table, containing information on the tunnels
     known to a router; and

o    the Tunnel Config Table, which is used for dynamic creation of
     tunnels.








Expires January 1999                                            [Page 3]


Draft                        IP Tunnel MIB                     July 1998


4.1.  Relationship to the Interfaces MIB

This section clarifies the relationship of this MIB to the Interfaces
MIB [23].  Several areas of correlation are addressed in the following
subsections.  The implementor is referred to the Interfaces MIB document
in order to understand the general intent of these areas.


4.1.1.  Layering Model

Each logical interface (physical or virtual) has an ifEntry in the
Interfaces MIB [23].  Tunnels are handled by creating a logical
interface (ifEntry) for each tunnel.  These are then correlated to
physical interfaces using the ifStack table of the Interfaces MIB.  The
basic model, therefore, looks something like this (for example):

   | |         | |          | |
+--+ +---+  +--+ +---+      | |
|IP-in-IP|  |  GRE   |      | |
| tunnel |  | tunnel |      | |
+--+ +---+  +--+ +---+      | |
   | |         | |          | |    <== attachment to physical
+--+ +---------+ +----------+ +--+     interfaces, to be provided
|       Physical interface       |     by ifStack table
+--------------------------------+


4.1.2.  ifTestTable

   The ifTestTable usage is defined in the MIBs defining the
   encapsulation below the network layer.  For example, if IP-in-IP
   encapsulation is being used, the ifTestTable is defined by IP-in-IP.


4.1.3.  ifRcvAddressTable

   The ifRcvAddressTable usage is defined in the MIBs defining the
   encapsulation below the network layer.  For example, if IP-in-IP
   encapsulation is being used, the ifRcvAddressTable is defined by IP-
   in-IP.










Expires January 1999                                            [Page 4]


Draft                        IP Tunnel MIB                     July 1998


4.1.4.  ifEntry

   IfEntries are defined in the MIBs defining the encapsulation below
   the network layer.  For example, if IP-in-IP encapsulation [20] is
   being used, the ifEntry is defined by IP-in-IP.

   The ifType of a tunnel should be set to "tunnel" (131).  An entry in
   the IP Tunnel MIB will exist for every ifEntry with this ifType.  An
   implementation of the IP Tunnel MIB MAY allow ifEntries to be created
   via the tunnelConfigTable.  Creating a tunnel will also add an entry
   in the ifTable and in the tunnelIfTable, and deleting a tunnel will
   likewise delete the entry in the ifTable and the tunnelIfTable.

   The use of two different tables in this MIB was an important design
   decision.  Traditionally, ifIndex values are chosen by agents, and
   are permitted to change across restarts.  Allowing row creation
   directly in the Tunnel Interface Table, indexed by ifIndex, would
   complicate row creation and/or cause interoperability problems (if
   each agent had special restrictions on ifIndex). Instead, a separate
   table is used which is indexed only by objects over which the manager
   has control.  Namely, these are the addresses of the tunnel endpoints
   and the encapsulation protocol.  Finally, an additional manager-
   chosen ID is used in the index to support protocols such as L2F which
   allow multiple tunnels between the same endpoints.


























Expires January 1999                                            [Page 5]


Draft                        IP Tunnel MIB                     July 1998


5.  Definitions

TUNNEL-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, transmission,
    Integer32, IpAddress             FROM SNMPv2-SMI
    RowStatus                        FROM SNMPv2-TC
    MODULE-COMPLIANCE, OBJECT-GROUP  FROM SNMPv2-CONF
    ifIndex                          FROM IF-MIB;

tunnelMIB MODULE-IDENTITY
    LAST-UPDATED "9807271200Z"
    ORGANIZATION "Microsoft Corporation"
    CONTACT-INFO
                        " Dave Thaler
                          Microsoft Corporation
                          One Microsoft Way
                          Redmond, WA  98052-6399
                          EMail: dthalerd@microsoft.com"
    DESCRIPTION
            "The MIB module for management of IP Tunnels, independent of
            the specific encapsulation scheme in use."
    ::= { transmission 131 }


tunnelMIBObjects OBJECT IDENTIFIER ::= { tunnelMIB 1 }

tunnel      OBJECT IDENTIFIER ::= { tunnelMIBObjects 1 }





















Expires January 1999                                            [Page 6]


Draft                        IP Tunnel MIB                     July 1998


-- the IP Tunnel MIB-Group
--
-- a collection of objects providing information about
-- IP Tunnels


tunnelIfTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF TunnelIfEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "The (conceptual) table containing information on configured
            tunnels."
    ::= { tunnel 1 }

tunnelIfEntry OBJECT-TYPE
    SYNTAX     TunnelIfEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An entry (conceptual row) containing the information on a
            particular configured tunnel."
    INDEX      { ifIndex }
    ::= { tunnelIfTable 1 }

TunnelIfEntry ::= SEQUENCE {
    tunnelIfLocalAddress            IpAddress,
    tunnelIfRemoteAddress           IpAddress,
    tunnelIfEncapsMethod            INTEGER,
    tunnelIfHopLimit                Integer32,
    tunnelIfPriority                Integer32,
    tunnelIfEncapsLimit             Integer32,
    tunnelIfSecurity                INTEGER
}

tunnelIfLocalAddress OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The address of the local endpoint of the tunnel, or 0.0.0.0
            if unknown."
    ::= { tunnelIfEntry 1 }

tunnelIfRemoteAddress OBJECT-TYPE





Expires January 1999                                            [Page 7]


Draft                        IP Tunnel MIB                     July 1998


    SYNTAX     IpAddress
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The address of the remote endpoint of the tunnel, or
            0.0.0.0 if unknown."
    ::= { tunnelIfEntry 2 }

tunnelIfEncapsMethod OBJECT-TYPE
    SYNTAX     INTEGER {
                   other(1),   -- none of the following
                   native(2),  -- no intermediate header
                   gre(3),     -- GRE encapsulation
                   minimal(4), -- Minimal encapsulation
                   l2tp(5),    -- L2TP encapsulation
                   pptp(6),    -- PPTP encapsulation
                   l2f(7)      -- L2F encapsulation
               }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The encapsulation method used by the tunnel.  The value
            native indicates that the packet is encapsulated inside a
            normal IPv4 header and unicast to the remote tunnel
            endpoint.  The value gre indicates that a GRE header is
            inserted between the outer header and the payload header,
            and minimal indicates that a Minimal Forwarding Header (RFC
            2004) is inserted between the outer header and the payload
            data.  The value pptp indicates that an enhanced GRE header
            and a PPP header are inserted."
    ::= { tunnelIfEntry 3 }

tunnelIfHopLimit OBJECT-TYPE
    SYNTAX     Integer32 (0..255)
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The IPv4 TTL (or IPv6 hop limit) to use in the outer IP
            header. A value of 0 indicates that the value is copied from
            the payload's header."
    ::= { tunnelIfEntry 4 }

tunnelIfPriority OBJECT-TYPE
    SYNTAX     Integer32 (-1..15)
    MAX-ACCESS read-create





Expires January 1999                                            [Page 8]


Draft                        IP Tunnel MIB                     July 1998


    STATUS     current
    DESCRIPTION
            "The IPv4 Preference or IPv6 Priority to use in the outer IP
            header.  A value of -1 indicates that the value is copied
            from the payload's header."
    ::= { tunnelIfEntry 6 }

tunnelIfEncapsLimit OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The maximum number of encapsulations permitted for packets
            undergoing encapsulation at this node.  A value of 0
            indicates that no limit is present (except as a result of
            the packet size)."
    ::= { tunnelIfEntry 7 }

tunnelIfSecurity OBJECT-TYPE
    SYNTAX     INTEGER {
                   none(1),   -- no security
                   ipsec(2),  -- IPSEC security
                   other(3)
               }
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The method used by the tunnel to secure the outer IP
            header."
    ::= { tunnelIfEntry 8 }

tunnelConfigTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF TunnelConfigEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "The (conceptual) table containing information on configured
            tunnels.  This table can be used to map a set of tunnel
            endpoints to the associated ifIndex value.  It can also be
            used for row creation."
    ::= { tunnel 2 }

tunnelConfigEntry OBJECT-TYPE
    SYNTAX     TunnelConfigEntry
    MAX-ACCESS not-accessible





Expires January 1999                                            [Page 9]


Draft                        IP Tunnel MIB                     July 1998


    STATUS     current
    DESCRIPTION
            "An entry (conceptual row) containing the information on a
            particular configured tunnel."
    INDEX      { tunnelConfigLocalAddress,
                 tunnelConfigRemoteAddress,
                 tunnelConfigEncapsMethod,
                 tunnelConfigID }
    ::= { tunnelConfigTable 1 }

TunnelConfigEntry ::= SEQUENCE {
    tunnelConfigLocalAddress            IpAddress,
    tunnelConfigRemoteAddress           IpAddress,
    tunnelConfigEncapsMethod            INTEGER,
    tunnelConfigID                      Integer32,
    tunnelConfigIfIndex                 Integer32,
    tunnelConfigStatus                  RowStatus
}

tunnelConfigLocalAddress OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "The address of the local endpoint of the tunnel, or 0.0.0.0
            if unknown."
    ::= { tunnelConfigEntry 1 }

tunnelConfigRemoteAddress OBJECT-TYPE
    SYNTAX     IpAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "The address of the remote endpoint of the tunnel, or
            0.0.0.0 if unknown."
    ::= { tunnelConfigEntry 2 }

tunnelConfigEncapsMethod OBJECT-TYPE
    SYNTAX     INTEGER {
                   other(1),   -- none of the following
                   native(2),  -- no intermediate header
                   gre(3),     -- GRE encapsulation
                   minimal(4), -- Minimal encapsulation
                   l2tp(5),    -- L2TP encapsulation
                   pptp(6),    -- PPTP encapsulation





Expires January 1999                                           [Page 10]


Draft                        IP Tunnel MIB                     July 1998


                   l2f(7)      -- L2F encapsulation
               }
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "The encapsulation method used by the tunnel."
    ::= { tunnelConfigEntry 3 }

tunnelConfigID OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An identifier used to distinguish between multiple tunnels
            of the same encapsulation method, with the same endpoints.
            If the encapsulation protocol only allows one tunnel per set
            of endpoint addresses (such as for GRE or IP-in-IP), the
            value of this object is 1.  For encapsulation methods (such
            as L2F) which allow multiple parallel tunnels, the manager
            is responsible for choosing any ID which does not conflict
            with an existing row, such as choosing a random number."
    ::= { tunnelConfigEntry 4 }

tunnelConfigIfIndex OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
            "The value of ifIndex corresponding to the tunnel
            interface."
    ::= { tunnelConfigEntry 5 }

tunnelConfigStatus OBJECT-TYPE
    SYNTAX     RowStatus
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The status of this row, by which new entries may be
            created, or old entries deleted from this table.  Creating a
            row in this table will create a corresponding row in the
            ifTable and in the tunnelIfTable.  Deleting a row in this
            table will likewise delete the corresponding row in the
            ifTable and in the tunnelIfTable."
    ::= { tunnelConfigEntry 6 }






Expires January 1999                                           [Page 11]


Draft                        IP Tunnel MIB                     July 1998


-- conformance information

tunnelMIBConformance
                  OBJECT IDENTIFIER ::= { tunnelMIB 2 }
tunnelMIBCompliances
                  OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 }
tunnelMIBGroups  OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 }


-- compliance statements

tunnelMIBCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "The compliance statement for the IP Tunnel MIB."
    MODULE  -- this module
    MANDATORY-GROUPS { tunnelMIBBasicGroup }

        OBJECT      tunnelIfHopLimit
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

        OBJECT      tunnelIfPriority
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

        OBJECT      tunnelIfEncapsLimit
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."

        OBJECT      tunnelConfigStatus
        MIN-ACCESS  read-only
        DESCRIPTION
            "Write access is not required."
   ::= { tunnelMIBCompliances 1 }

-- units of conformance

tunnelMIBBasicGroup OBJECT-GROUP
    OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress,
       tunnelIfEncapsMethod, tunnelIfHopLimit,
       tunnelIfPriority, tunnelIfEncapsLimit, tunnelIfSecurity,





Expires January 1999                                           [Page 12]


Draft                        IP Tunnel MIB                     July 1998


       tunnelConfigIfIndex, tunnelConfigStatus }
    STATUS  current
    DESCRIPTION
            "A collection of objects to support basic management of IP
            Tunnels."
    ::= { tunnelMIBGroups 1 }

END










































Expires January 1999                                           [Page 13]


Draft                        IP Tunnel MIB                     July 1998


6.  Security Considerations

This MIB contains readable objects whose values provide information
related to IP tunnel interfaces.  There are also a number of objects
that have a MAX-ACCESS clause of read-write and/or read-create, such as
those which allow an administrator to dynamically configure tunnels.

While unauthorized access to the readable objects is relatively
innocuous, unauthorized access to the write-able objects could cause a
denial of service, or could cause unauthorized creation and/or
manipulation of tunnels. Hence, the support for SET operations in a
non-secure environment without proper protection can have a negative
effect on network operations.

SNMPv1 by itself is such an insecure environment.  Even if the network
itself is secure (for example by using IPSec [24]), even then, there is
no control as to who on the secure network is allowed to access and SET
(change/create/delete) the objects in this MIB.

It is recommended that the implementers consider the security features
as provided by the SNMPv3 framework.  Specifically, the use of the
User-based Security Model RFC 2274 [12] and the View-based Access
Control Model RFC 2275 [15] is recommended.

It is then a customer/user responsibility to ensure that the SNMP entity
giving access to this MIB, is properly configured to give access to
those objects only to those principals (users) that have legitimate
rights to access them.


7.  Acknowledgements

This MIB module was updated based on feedback from the IETF's Interfaces
MIB (IF-MIB) and Point-to-Point Protocol Extensions (PPPEXT) Working
Groups.


8.  Author's Address

     Dave Thaler
     Microsoft Corporation
     One Microsoft Way
     Redmond, WA  48105-6399
     Phone: +1 425 703 8835
     EMail: dthaler@microsoft.com





Expires January 1999                                           [Page 14]


Draft                        IP Tunnel MIB                     July 1998


9.  References

[1]  Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
     Describing SNMP Management Frameworks", RFC 2271, Cabletron
     Systems, Inc., BMC Software, Inc., IBM T. J. Watson Research,
     January 1998.

[2]  Rose, M., and K. McCloghrie, "Structure and Identification of
     Management Information for TCP/IP-based Internets", RFC 1155,
     Performance Systems International, Hughes LAN Systems, May 1990.

[3]  Rose, M., and K. McCloghrie, "Concise MIB Definitions", RFC 1212,
     Performance Systems International, Hughes LAN Systems, March 1991.

[4]  M. Rose, "A Convention for Defining Traps for use with the SNMP",
     RFC 1215, Performance Systems International, March 1991.

[5]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Structure
     of Management Information for Version 2 of the Simple Network
     Management Protocol (SNMPv2)", RFC 1902, SNMP Research,Inc., Cisco
     Systems, Inc., Dover Beach Consulting, Inc., International Network
     Services, January 1996.

[6]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Textual
     Conventions for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1903, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[7]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Conformance
     Statements for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1904, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[8]  Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
     Management Protocol", RFC 1157, SNMP Research, Performance Systems
     International, Performance Systems International, MIT Laboratory
     for Computer Science, May 1990.

[9]  Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
     "Introduction to Community-based SNMPv2", RFC 1901, SNMP Research,
     Inc., Cisco Systems, Inc., Dover Beach Consulting, Inc.,
     International Network Services, January 1996.






Expires January 1999                                           [Page 15]


Draft                        IP Tunnel MIB                     July 1998


[10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
     Mappings for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1906, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
     Processing and Dispatching for the Simple Network Management
     Protocol (SNMP)", RFC 2272, SNMP Research, Inc., Cabletron Systems,
     Inc., BMC Software, Inc., IBM T. J. Watson Research, January 1998.

[12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
     version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
     2274, IBM T. J. Watson Research, January 1998.

[13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
     Operations for Version 2 of the Simple Network Management Protocol
     (SNMPv2)", RFC 1905, SNMP Research, Inc., Cisco Systems, Inc.,
     Dover Beach Consulting, Inc., International Network Services,
     January 1996.

[14] Levi, D., Meyer, P., and B. Stewart, "MPv3 Applications", RFC 2273,
     SNMP Research, Inc., Secure Computing Corporation, Cisco Systems,
     January 1998.

[15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access
     Control Model (VACM) for the Simple Network Management Protocol
     (SNMP)", RFC 2275, IBM T. J. Watson Research, BMC Software, Inc.,
     Cisco Systems, Inc., January 1998.

[16] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic Routing
     Encapsulation (GRE)", RFC 1701, October 1994.

[17] Hanks, S., Li, T., Farinacci, D., and P. Traina, "Generic Routing
     Encapsulation over IPv4 networks", RFC 1702, October 1994.

[18] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.

[19] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October
     1996.

[20] Hamzeh, Kolar, Littlewood, Pall, Taarud, Valencia, and Verthein,
     "Layer Two Tunneling Protocol (L2TP)", draft-ietf-pppext-l2tp-
     04.txt, June 1997.






Expires January 1999                                           [Page 16]


Draft                        IP Tunnel MIB                     July 1998


[21] Hamzeh, Pall, Verthein, Taarud, and Little, "Point-to-Point
     Tunneling Protocol--PPTP", draft-ietf-pppext-pptp-02.txt, July
     1997.

[22] Calhoun, Reddy, Vroman, and Wheeler.  "Layer Two Tunneling Protocol
     "L2TP" Management Information Base", draft-ietf-pppext-l2tp-mib-
     00.txt, October 1997.

[23] McCloghrie, K., and F. Kastenholz.  "The Interfaces Group MIB using
     SMIv2", RFC 2233, November 1997.

[24] R. Atkinson.  "Security architecture for the internet protocol",
     RFC 1825, August 1995.

[25] Valencia, A., Littlewood, M., and T. Kolar.  "Cisco Layer Two
     Forwarding (Protocol) "L2F"", RFC 2341, May 1998.


10.  Full Copyright Statement

Copyright (C) The Internet Society (1998).  All Rights Reserved.

This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or
assist in its implmentation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are included
on all such copies and derivative works.  However, this document itself
may not be modified in any way, such as by removing the copyright notice
or references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet
Standards process must be followed, or as required to translate it into
languages other than English.

The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE."






Expires January 1999                                           [Page 17]


Draft                        IP Tunnel MIB                     July 1998


Table of Contents


1 Introduction ....................................................    1
2 Revision History ................................................    2
3 The SNMPv2 Network Management Framework .........................    2
3.1 Object Definitions ............................................    3
4 Overview ........................................................    3
4.1 Relationship to the Interfaces MIB ............................    4
4.1.1 Layering Model ..............................................    4
4.1.2 ifTestTable .................................................    4
4.1.3 ifRcvAddressTable ...........................................    4
4.1.4 ifEntry .....................................................    5
5 Definitions .....................................................    6
6 Security Considerations .........................................   14
7 Acknowledgements ................................................   14
8 Author's Address ................................................   14
9 References ......................................................   15
10 Full Copyright Statement .......................................   17































Expires January 1999                                           [Page 18]