Definitions of Managed Objects for Middlebox Communication
RFC 5190
Network Working Group                                         J. Quittek
Request for Comments: 5190                                 M. Stiemerling
Category: Standards Track                                             NEC
                                                             P. Srisuresh
                                                           Kazeon Systems
                                                               March 2008
Definitions of Managed Objects for Middlebox Communication
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This memo defines a portion of the Management Information Base (MIB)
for use with network management protocols in the Internet community.
In particular, it describes a set of managed objects that allow
configuring middleboxes, such as firewalls and network address
translators, in order to enable communication across these devices.
The definitions of managed objects in this document closely follow
the MIDCOM semantics defined in RFC 5189.
Quittek, et al. Standards Track [Page 1]
RFC 5190 MIDCOM MIB March 2008
Table of Contents
1. Introduction ....................................................4
2. The Internet-Standard Management Framework ......................4
3. Overview ........................................................4
3.1. Terminology ................................................5
4. Realizing the MIDCOM Protocol with SNMP .........................6
4.1. MIDCOM Sessions ............................................6
4.1.1. Authentication and Authorization ....................6
4.2. MIDCOM Transactions ........................................7
4.2.1. Asynchronous Transactions ...........................7
4.2.2. Configuration Transactions ..........................8
4.2.3. Monitoring Transactions ............................11
4.2.4. Atomicity of MIDCOM Transactions ...................12
4.2.4.1. Asynchronous MIDCOM Transactions ..........12
4.2.4.2. Session Establishment and
Termination Transactions ..................12
4.2.4.3. Monitoring Transactions ...................13
4.2.4.4. Lifetime Change Transactions ..............13
4.2.4.5. Transactions Establishing New
Policy Rules ..............................14
4.2.5. Access Control .....................................14
4.3. Access Control Policies ...................................14
5. Structure of the MIB Module ....................................15
5.1. Transaction Objects .......................................16
5.1.1. midcomRuleTable ....................................17
5.1.2. midcomGroupTable ...................................19
5.2. Configuration Objects .....................................20
5.2.1. Capabilities .......................................20
5.2.2. midcomConfigFirewallTable ..........................21
5.3. Monitoring Objects ........................................22
5.3.1. midcomResourceTable ................................22
5.3.2. midcomStatistics ...................................24
5.4. Notifications .............................................25
6. Recommendations for Configuration and Operation ................26
6.1. Security Model Configuration ..............................26
6.2. VACM Configuration ........................................27
6.3. Notification Configuration ................................28
6.4. Simultaneous Access .......................................28
6.5. Avoiding Idempotency Problems .............................29
6.6. Interface Indexing Problems ...............................29
6.7. Applicability Restrictions ................................30
7. Usage Examples for MIDCOM Transactions .........................30
7.1. Session Establishment (SE) ................................31
7.2. Session Termination (ST) ..................................31
7.3. Policy Reserve Rule (PRR) .................................31
7.4. Policy Enable Rule (PER) after PRR ........................33
7.5. Policy Enable Rule (PER) without Previous PRR .............34