The IESG has approved the following document:
- 'Definitions of Managed Objects for Network Address Translators (NAT) '
<draft-ietf-nat-natmib-09.txt> as a Proposed Standard
This document has been reviewed in the IETF but is not the product of an
IETF Working Group.
The IESG contact person is Allison Mankin.
Technical Summary
This document defines a portion of the Management Information Base (MIB) for
devices implementing Network Address Translator (NAT) function. This MIB
module may be used for configuration of specific aspects of the NAT function
(but in particular, not to configure NAT bindings). Firewall configuration, in
a NAT-firewall-combining device, is specifically outside the scope of this
document.
Working Group Summary
Although this document is an individual submission (developed largely after
closure of IETF's NAT working group, it was reviewed by the MIDCOM working
group. A good number of comments were received from MIDCOM participants.
Protocol Quality
This specification was reviewed for the IESG by Allison Mankin, Bert Wijnen,
and Juergen Schoenwaelder, of the MIB Doctors.
RFC Editor Notes
Section 3. Terminology
OLD:
Definitions for majority of the terms used throughout the document
may be found in RFC 2663 [RFC2663]. Additional terms that further
classify NAPT implementations are defined in RFC 3489 [RFC3489].
Listed below are terms used in this document
NEW:
Definitions for majority of the terms used throughout the document
may be found in RFC 2663 [RFC2663]. Additional terms that further
classify NAPT implementations are defined in RFC 3489 [RFC3489].
Listed below are terms used in this document
Address realm - An address realm is a realm of unique network
addresses that are routable within the realm. For example, an
enterprise address realm could be constituted of private IP
addresses in the ranges specified in RFC 1918 [RFC1918], which
are routable within the enterprise, but not across the Internet.
A public realm is constituted of globally unique network
addresses.
[And add RFC 1918 to the Informative References]
-----------
OLD:
NAT Session - A NAT session is an association between a session
as seen in the private realm and a session as seen in the public
realm, by virtue of NAT translation. If a session in the private
realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
same session in the public realm were to be represented as
(PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
PublicDstPort), the NAT session will provide the translation
glue between the two session representations.
NEW:
NAT Session - A NAT session is an association between a session
as seen in the private realm and a session as seen in the public
realm, by virtue of NAT translation. If a session in the private
realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
same session in the public realm were to be represented as
(PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
PublicDstPort), the NAT session will provide the translation
glue between the two session representations. NAT sessions in
the document are restricted to sessions based on TCP and UDP
only . In the future, NAT sessions may be extended to be based
on other transport protocols such as SCTP, UDP-lite and DCCP.
-----------
Section 5. Definitions
OLD:
natAddrBindEntry OBJECT-TYPE
SYNTAX NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table holds information about
an active address BIND. These entries are lost
upon agent restart."
INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
::= { natAddrBindTable 1 }
NEW:
natAddrBindEntry OBJECT-TYPE
SYNTAX NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in this table holds information about
an active address BIND. These entries are lost
upon agent restart.
This row has indexing which may create variables with
more than 128 subidentifiers. Implementers of this table
must be careful not to create entries that would result
in OIDs which exceed the 128 subidentifier limit.
Otherwise, the information cannot be accessed using
SNMPv1, SNMPv2c or SNMPv3."
INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
::= { natAddrBindTable 1 }
-----
OLD:
natAddrBindLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address, which maps to the public-realm address
represented by natAddrBindGlobalAddr.
The type of this address is determined by the value of
the natAddrBindLocalAddrType object.
As this object is used in the index for the
natAddrBindTable, implementers of this table should be
careful not to create entries that would result in OIDs
with more than 128 subidentifiers; else the information
cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
::= { natAddrBindEntry 2 }
NEW:
natAddrBindLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address, which maps to the public-realm address
represented by natAddrBindGlobalAddr.
The type of this address is determined by the value of
the natAddrBindLocalAddrType object."
::= { natAddrBindEntry 2 }
------
OLD:
natAddrPortBindEntry OBJECT-TYPE
SYNTAX NatAddrPortBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the this table holds information
about a NAPT bind that is currently active.
These entries are lost upon agent restart."
INDEX { ifIndex, natAddrPortBindLocalAddrType,
natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
natAddrPortBindProtocol }
::= { natAddrPortBindTable 1 }
NEW:
natAddrPortBindEntry OBJECT-TYPE
SYNTAX NatAddrPortBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the this table holds information
about a NAPT bind that is currently active.
These entries are lost upon agent restart.
This row has indexing which may create variables with
more than 128 subidentifiers. Implementers of this table
must be careful not to create entries which would result
in OIDs that exceed the 128 subidentifier limit.
Otherwise, the information cannot be accessed using
SNMPv1, SNMPv2c or SNMPv3."
INDEX { ifIndex, natAddrPortBindLocalAddrType,
natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
natAddrPortBindProtocol }
::= { natAddrPortBindTable 1 }
------
OLD:
natAddrPortBindLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address which, in conjunction with
natAddrPortBindLocalPort, maps to the public-realm
network layer address and transport id represented by
natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
respectively.
The type of this address is determined by the value of
the natAddrPortBindLocalAddrType object.
As this object is used in the index for the
natAddrPortBindTable, implementers of this table should
be careful not to create entries that would result in
OIDs with more than 128 subidentifiers; else the
information cannot be accessed using SNMPv1, SNMPv2c or
SNMPv3."
::= { natAddrPortBindEntry 2 }
NEW:
natAddrPortBindLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address which, in conjunction with
natAddrPortBindLocalPort, maps to the public-realm
network layer address and transport id represented by
natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
respectively.
The type of this address is determined by the value of
the natAddrPortBindLocalAddrType object."
::= { natAddrPortBindEntry 2 }
-----
OLD:
natMIB MODULE-IDENTITY
LAST-UPDATED "200404180000Z"
ORGANIZATION "Individuals"
NEW:
natMIB MODULE-IDENTITY
LAST-UPDATED "200404180000Z"
ORGANIZATION "IETF Transport Area"
_______________________________________________
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
