Definitions of Managed Objects for Network Address Translators (NAT)
RFC 4008

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>
Subject: Protocol Action: 'Definitions of Managed Objects for 
         Network Address Translators (NAT)' to Proposed Standard 

The IESG has approved the following document:

- 'Definitions of Managed Objects for Network Address Translators (NAT) '
   <draft-ietf-nat-natmib-10.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group. 

The IESG contact person is Allison Mankin.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-nat-natmib-10.txt

Technical Summary
 
This document defines a portion of the Management Information Base (MIB) for 
devices implementing the Network Address Translator (NAT) function. This MIB 
module may be used for configuration of specific aspects of the NAT function
(but in particular, not to configure NAT bindings).  Firewall configuration, in
a device that combines NAT and firewall functions, is specifically outside the
scope of this document.

Working Group Summary
 
Although this document is an individual submission (developed largely after 
the closure of IETF's NAT working group), it was reviewed by the MIDCOM working
group.  A good number of comments were received from MIDCOM participants.
 
Protocol Quality
 
This specification was reviewed for the IESG by Allison Mankin, Bert Wijnen, 
and Juergen Schoenwaelder, of the MIB Doctors.

RFC Editor Notes

Section 3.  Terminology

OLD:


   Definitions for majority of the terms used throughout the document
   may be found in RFC 2663 [RFC2663]. Additional terms that further
   classify NAPT implementations are defined in RFC 3489 [RFC3489].
   Listed below are terms used in this document

NEW:

  
   Definitions for majority of the terms used throughout the document
   may be found in RFC 2663 [RFC2663]. Additional terms that further
   classify NAPT implementations are defined in RFC 3489 [RFC3489].
   Listed below are terms used in this document

   Address realm - An address realm is a realm of unique network
   addresses that are routable within the realm. For example, an
   enterprise address realm could be constituted of private IP
   addresses in the ranges specified in RFC 1918 [RFC1918], which
   are routable within the enterprise, but not across the Internet.
   A public realm is constituted of globally unique network
   addresses.

[And add RFC 1918 to the Informative References]

-----------

OLD:

   NAT Session - A NAT session is an association between a session
   as seen in the private realm and a session as seen in the public
   realm, by virtue of NAT translation. If a session in the private
   realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
   TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
   same session in the public realm were to be represented as
   (PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
   PublicDstPort), the NAT session will provide the translation
   glue between the two session representations.

NEW:


   NAT Session - A NAT session is an association between a session
   as seen in the private realm and a session as seen in the public
   realm, by virtue of NAT translation. If a session in the private
   realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
   TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
   same session in the public realm were to be represented as
   (PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
   PublicDstPort), the NAT session will provide the translation
   glue between the two session representations. NAT sessions in
   the document are restricted to sessions based on TCP and UDP
   only . In the future, NAT sessions may be extended to be based
   on other transport protocols such as SCTP, UDP-lite and DCCP.


-----------
Section 5.  Definitions 

OLD:
natAddrBindEntry OBJECT-TYPE
    SYNTAX     NatAddrBindEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "Each entry in this table holds information about
             an active address BIND. These entries are lost
             upon agent restart."
    INDEX   { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
    ::= { natAddrBindTable 1 }

NEW:
natAddrBindEntry OBJECT-TYPE
    SYNTAX     NatAddrBindEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "Each entry in this table holds information about
             an active address BIND. These entries are lost
             upon agent restart.

             This row has indexing which may create variables with
             more than 128 subidentifiers. Implementers of this table
             must be careful not to create entries that would result
             in OIDs which exceed the 128 subidentifier limit.
             Otherwise, the information cannot be accessed using
             SNMPv1, SNMPv2c or SNMPv3."

    INDEX   { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
    ::= { natAddrBindTable 1 }

-----

OLD:
natAddrBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "This object represents the private-realm specific network
             layer address, which maps to the public-realm address
             represented by natAddrBindGlobalAddr.


             The type of this address is determined by the value of
             the natAddrBindLocalAddrType object.

             As this object is used in the index for the
             natAddrBindTable, implementers of this table should be
             careful not to create entries that would result in OIDs
             with more than 128 subidentifiers; else the information
             cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."

    ::= { natAddrBindEntry 2 }

NEW:
natAddrBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "This object represents the private-realm specific network
             layer address, which maps to the public-realm address
             represented by natAddrBindGlobalAddr.


             The type of this address is determined by the value of
             the natAddrBindLocalAddrType object."

            
   ::= { natAddrBindEntry 2 }

------

OLD:

natAddrPortBindEntry OBJECT-TYPE
    SYNTAX     NatAddrPortBindEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "Each entry in the this table holds information
             about a NAPT bind that is currently active.
             These entries are lost upon agent restart."
    INDEX   { ifIndex, natAddrPortBindLocalAddrType,
              natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
              natAddrPortBindProtocol }
    ::= { natAddrPortBindTable 1 }

NEW:

natAddrPortBindEntry OBJECT-TYPE
    SYNTAX     NatAddrPortBindEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "Each entry in the this table holds information
             about a NAPT bind that is currently active.
             These entries are lost upon agent restart.

             This row has indexing which may create variables with
             more than 128 subidentifiers. Implementers of this table
             must be careful not to create entries which would result
             in OIDs that exceed the 128 subidentifier limit. 
             Otherwise, the information cannot be accessed using
             SNMPv1, SNMPv2c or SNMPv3."
    INDEX   { ifIndex, natAddrPortBindLocalAddrType,
              natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
              natAddrPortBindProtocol }
    ::= { natAddrPortBindTable 1 }
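The two entry-level notes above (natAddrBindEntry and natAddrPortBindEntry) warn that the InetAddress index component can push a row's instance OID past the 128 sub-identifier limit that SNMP places on object identifiers (RFC 3416), at which point the row cannot be addressed by any SNMP version. The following is an added example, not text from RFC 4008 or this note, that shows where the length comes from: an InetAddress index without IMPLIED is encoded as one length sub-identifier followed by one sub-identifier per octet, and InetAddressType (RFC 4001) includes dns(16) names of up to 255 octets, which is the case that actually overflows. The column OID prefix is a hypothetical placeholder because the page does not give the module's OID arc, and the protocol enumeration value is a constructed input.

```python
# Added example: size a NAT-MIB row instance OID against the SNMP limit.
# The column prefix below is hypothetical; the real NAT-MIB arc is not given
# on this page. Index encoding follows SMIv2 rules for non-IMPLIED
# variable-length OCTET STRING index components (length, then one subid
# per octet).

MAX_SUBIDS = 128  # maximum OID length in sub-identifiers (RFC 3416)

# InetAddressType values from the INET-ADDRESS-MIB (RFC 4001).
IPV4, IPV6, IPV4Z, IPV6Z, DNS = 1, 2, 3, 4, 16

# Hypothetical column OID, used only to make the arithmetic concrete.
HYPOTHETICAL_COLUMN_OID = (1, 3, 6, 1, 2, 1, 99999, 1, 2, 1, 3)


def inet_address_index(addr: bytes) -> tuple:
    """Encode an InetAddress index component without IMPLIED:
    a length sub-identifier followed by one sub-identifier per octet."""
    return (len(addr),) + tuple(addr)


def addr_bind_instance(column_oid, if_index, addr_type, addr: bytes) -> tuple:
    """Instance OID of a natAddrBindTable column.
    INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }"""
    return tuple(column_oid) + (if_index, addr_type) + inet_address_index(addr)


def addr_port_bind_instance(column_oid, if_index, addr_type, addr: bytes,
                            port, proto) -> tuple:
    """Instance OID of a natAddrPortBindTable column.
    INDEX { ifIndex, natAddrPortBindLocalAddrType, natAddrPortBindLocalAddr,
            natAddrPortBindLocalPort, natAddrPortBindProtocol }"""
    return (tuple(column_oid) + (if_index, addr_type)
            + inet_address_index(addr) + (port, proto))


def fits_in_oid(oid) -> bool:
    """True if the instance OID can be carried in SNMPv1/v2c/v3."""
    return len(oid) <= MAX_SUBIDS


def max_addr_octets(column_oid, fixed_index_subids: int) -> int:
    """Largest InetAddress (in octets) a row may carry before its instance OID
    exceeds MAX_SUBIDS. fixed_index_subids counts the single-subid index
    components (2 for natAddrBindTable: ifIndex and type; 4 for
    natAddrPortBindTable: ifIndex, type, port, protocol). The extra 1 is the
    InetAddress length sub-identifier."""
    return MAX_SUBIDS - len(column_oid) - fixed_index_subids - 1


if __name__ == "__main__":
    col = HYPOTHETICAL_COLUMN_OID
    cases = [
        ("ipv4 bind", addr_bind_instance(col, 1, IPV4, bytes([10, 0, 0, 5]))),
        ("ipv6z bind", addr_bind_instance(col, 1, IPV6Z, bytes(16) + bytes(4))),
        # Constructed inputs: a 120-octet DNS name, port 5060, protocol
        # enumeration value 3 (assumed, not taken from the MIB on this page).
        ("dns port-bind", addr_port_bind_instance(col, 1, DNS, b"h" * 120, 5060, 3)),
    ]
    for name, oid in cases:
        print(f"{name}: {len(oid)} sub-identifiers, addressable={fits_in_oid(oid)}")
    print("largest DNS-name index natAddrPortBindTable can hold:",
          max_addr_octets(col, 4), "octets")
```

With an 11-sub-identifier column prefix, IPv4 and IPv6 (including the zoned 20-octet form) rows stay far under the limit, so the warning in the DESCRIPTION clauses only bites when an agent indexes rows by a long dns(16) address; an implementation that never creates such rows, or that caps the name length at the value max_addr_octets returns for its real column prefix, satisfies the note.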

------

OLD:
natAddrPortBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "This object represents the private-realm specific network
             layer address which, in conjunction with
             natAddrPortBindLocalPort, maps to the public-realm
             network layer address and transport id represented by
             natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
             respectively.


             The type of this address is determined by the value of
             the natAddrPortBindLocalAddrType object.


             As this object is used in the index for the
             natAddrPortBindTable, implementers of this table should
             be careful not to create entries that would result in
             OIDs with more than 128 subidentifiers; else the
             information cannot be accessed using SNMPv1, SNMPv2c or
             SNMPv3."
    ::= { natAddrPortBindEntry 2 }

NEW:
natAddrPortBindLocalAddr OBJECT-TYPE
    SYNTAX     InetAddress
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "This object represents the private-realm specific network
             layer address which, in conjunction with
             natAddrPortBindLocalPort, maps to the public-realm
             network layer address and transport id represented by
             natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
             respectively.


             The type of this address is determined by the value of
             the natAddrPortBindLocalAddrType object."
    ::= { natAddrPortBindEntry 2 }

-----

OLD:
natMIB MODULE-IDENTITY
     LAST-UPDATED "200404180000Z"
     ORGANIZATION "Individuals"

NEW:
natMIB MODULE-IDENTITY
     LAST-UPDATED "200404180000Z"
     ORGANIZATION "IETF Transport Area"