The IESG has approved the following document:

- 'Definitions of Managed Objects for Network Address Translators (NAT)'
  <draft-ietf-nat-natmib-09.txt> as a Proposed Standard

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Allison Mankin.

Technical Summary

This document defines a portion of the Management Information Base (MIB)
for devices implementing the Network Address Translator (NAT) function.
This MIB module may be used for configuration of specific aspects of the
NAT function (but in particular, not to configure NAT bindings). Firewall
configuration, in a NAT-firewall-combining device, is specifically
outside the scope of this document.

Working Group Summary

Although this document is an individual submission (developed largely
after closure of IETF's NAT working group), it was reviewed by the MIDCOM
working group. A good number of comments were received from MIDCOM
participants.

Protocol Quality

This specification was reviewed for the IESG by Allison Mankin, Bert
Wijnen, and Juergen Schoenwaelder, of the MIB Doctors.

RFC Editor Notes

Section 3. Terminology

OLD:

   Definitions for majority of the terms used throughout the document
   may be found in RFC 2663 [RFC2663]. Additional terms that further
   classify NAPT implementations are defined in RFC 3489 [RFC3489].
   Listed below are terms used in this document

NEW:

   Definitions for majority of the terms used throughout the document
   may be found in RFC 2663 [RFC2663]. Additional terms that further
   classify NAPT implementations are defined in RFC 3489 [RFC3489].
   Listed below are terms used in this document

   Address realm - An address realm is a realm of unique network
   addresses that are routable within the realm. For example, an
   enterprise address realm could be constituted of private IP
   addresses in the ranges specified in RFC 1918 [RFC1918], which are
   routable within the enterprise, but not across the Internet. A
   public realm is constituted of globally unique network addresses.

[And add RFC 1918 to the Informative References]

-----------

OLD:

   NAT Session - A NAT session is an association between a session as
   seen in the private realm and a session as seen in the public realm,
   by virtue of NAT translation. If a session in the private realm were
   to be represented as (PrivateSrcAddr, PrivateDstAddr,
   TransportProtocol, PrivateSrcPort, PrivateDstPort) and the same
   session in the public realm were to be represented as (PublicSrcAddr,
   PublicDstAddr, TransportProtocol, PublicSrcPort, PublicDstPort), the
   NAT session will provide the translation glue between the two
   session representations.

NEW:

   NAT Session - A NAT session is an association between a session as
   seen in the private realm and a session as seen in the public realm,
   by virtue of NAT translation. If a session in the private realm were
   to be represented as (PrivateSrcAddr, PrivateDstAddr,
   TransportProtocol, PrivateSrcPort, PrivateDstPort) and the same
   session in the public realm were to be represented as (PublicSrcAddr,
   PublicDstAddr, TransportProtocol, PublicSrcPort, PublicDstPort), the
   NAT session will provide the translation glue between the two
   session representations. NAT sessions in the document are restricted
   to sessions based on TCP and UDP only. In the future, NAT sessions
   may be extended to be based on other transport protocols such as
   SCTP, UDP-lite and DCCP.

-----------

Section 5. Definitions

OLD:

   natAddrBindEntry OBJECT-TYPE
       SYNTAX     NatAddrBindEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "Each entry in this table holds information about an active
            address BIND. These entries are lost upon agent restart."
       INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
       ::= { natAddrBindTable 1 }

NEW:

   natAddrBindEntry OBJECT-TYPE
       SYNTAX     NatAddrBindEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "Each entry in this table holds information about an active
            address BIND. These entries are lost upon agent restart.

            This row has indexing which may create variables with more
            than 128 subidentifiers. Implementers of this table must be
            careful not to create entries that would result in OIDs
            which exceed the 128 subidentifier limit. Otherwise, the
            information cannot be accessed using SNMPv1, SNMPv2c or
            SNMPv3."
       INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
       ::= { natAddrBindTable 1 }

-----

OLD:

   natAddrBindLocalAddr OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This object represents the private-realm specific network
            layer address, which maps to the public-realm address
            represented by natAddrBindGlobalAddr.

            The type of this address is determined by the value of the
            natAddrBindLocalAddrType object.

            As this object is used in the index for the
            natAddrBindTable, implementers of this table should be
            careful not to create entries that would result in OIDs
            with more than 128 subidentifiers; else the information
            cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
       ::= { natAddrBindEntry 2 }

NEW:

   natAddrBindLocalAddr OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This object represents the private-realm specific network
            layer address, which maps to the public-realm address
            represented by natAddrBindGlobalAddr.

            The type of this address is determined by the value of the
            natAddrBindLocalAddrType object."
       ::= { natAddrBindEntry 2 }

------

OLD:

   natAddrPortBindEntry OBJECT-TYPE
       SYNTAX     NatAddrPortBindEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "Each entry in the this table holds information about a NAPT
            bind that is currently active. These entries are lost upon
            agent restart."
       INDEX { ifIndex, natAddrPortBindLocalAddrType,
               natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
               natAddrPortBindProtocol }
       ::= { natAddrPortBindTable 1 }

NEW:

   natAddrPortBindEntry OBJECT-TYPE
       SYNTAX     NatAddrPortBindEntry
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "Each entry in the this table holds information about a NAPT
            bind that is currently active. These entries are lost upon
            agent restart.

            This row has indexing which may create variables with more
            than 128 subidentifiers. Implementers of this table must be
            careful not to create entries which would result in OIDs
            that exceed the 128 subidentifier limit. Otherwise, the
            information cannot be accessed using SNMPv1, SNMPv2c or
            SNMPv3."
       INDEX { ifIndex, natAddrPortBindLocalAddrType,
               natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
               natAddrPortBindProtocol }
       ::= { natAddrPortBindTable 1 }

------

OLD:

   natAddrPortBindLocalAddr OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This object represents the private-realm specific network
            layer address which, in conjunction with
            natAddrPortBindLocalPort, maps to the public-realm network
            layer address and transport id represented by
            natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
            respectively.

            The type of this address is determined by the value of the
            natAddrPortBindLocalAddrType object.

            As this object is used in the index for the
            natAddrPortBindTable, implementers of this table should be
            careful not to create entries that would result in OIDs
            with more than 128 subidentifiers; else the information
            cannot be accessed using SNMPv1, SNMPv2c or SNMPv3."
       ::= { natAddrPortBindEntry 2 }

NEW:

   natAddrPortBindLocalAddr OBJECT-TYPE
       SYNTAX     InetAddress
       MAX-ACCESS not-accessible
       STATUS     current
       DESCRIPTION
           "This object represents the private-realm specific network
            layer address which, in conjunction with
            natAddrPortBindLocalPort, maps to the public-realm network
            layer address and transport id represented by
            natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
            respectively.

            The type of this address is determined by the value of the
            natAddrPortBindLocalAddrType object."
       ::= { natAddrPortBindEntry 2 }

-----

OLD:

   natMIB MODULE-IDENTITY
       LAST-UPDATED "200404180000Z"
       ORGANIZATION "Individuals"

NEW:

   natMIB MODULE-IDENTITY
       LAST-UPDATED "200404180000Z"
       ORGANIZATION "IETF Transport Area"

_______________________________________________
IETF-Announce@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf-announce
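The 128-sub-identifier caveat that the RFC Editor notes add to natAddrBindEntry and natAddrPortBindEntry comes from the variable-length InetAddress in the INDEX clause. The following Python is an added example, not code from the announcement or from the NAT-MIB module: it builds the instance sub-identifiers of a natAddrPortBindEntry row in INDEX order and checks the resulting OID length; the numeric column prefix is an assumed placeholder (only its length matters), and the protocol value in the sample rows is a constructed stand-in for the MIB's enumeration.

```python
"""Added example (not from the announcement or the NAT-MIB module): build the
instance sub-identifiers of a natAddrPortBindEntry row from its INDEX clause
and check the OID against the 128-sub-identifier limit. Encoding follows
RFC 2578 section 7.7: integer index objects add one sub-identifier each; a
variable-length OCTET STRING index (InetAddress, not IMPLIED) adds a length
sub-identifier followed by one sub-identifier per octet."""
import ipaddress

MAX_SUBIDS = 128  # limit named in the RFC Editor note (SNMPv1/v2c/v3)
INET_TYPE = {"ipv4": 1, "ipv6": 2, "dns": 16}  # InetAddressType, RFC 4001
# Assumed placeholder prefix of a natAddrPortBindEntry column; only its
# length (11 sub-identifiers) matters for the check.
ASSUMED_COLUMN_PREFIX = [1, 3, 6, 1, 2, 1, 123, 1, 5, 1, 2]

def inet_address_octets(addr_type, addr):
    """InetAddress octets for the named InetAddressType."""
    if addr_type in ("ipv4", "ipv6"):
        return ipaddress.ip_address(addr).packed
    if addr_type == "dns":
        return addr.encode("ascii")
    raise ValueError("unsupported InetAddressType: %s" % addr_type)

def nat_addr_port_bind_instance(if_index, addr_type, local_addr, local_port, protocol):
    """Instance sub-identifiers in INDEX order: ifIndex,
    natAddrPortBindLocalAddrType, natAddrPortBindLocalAddr (length + octets),
    natAddrPortBindLocalPort, natAddrPortBindProtocol (enum value as given)."""
    octets = inet_address_octets(addr_type, local_addr)
    return [if_index, INET_TYPE[addr_type], len(octets), *octets, local_port, protocol]

def oid_subid_count(prefix, instance):
    return len(prefix) + len(instance)

def fits_snmp_limit(prefix, instance):
    """True when the full column OID stays within MAX_SUBIDS."""
    return oid_subid_count(prefix, instance) <= MAX_SUBIDS

def max_dns_name_octets(prefix):
    """Longest dns(16) address a row can index under this prefix: the limit
    minus the prefix and the five fixed index sub-identifiers."""
    return MAX_SUBIDS - len(prefix) - 5

if __name__ == "__main__":
    # Constructed sample rows; protocol value 5 is a placeholder.
    for kind, addr in (("ipv4", "10.0.0.5"), ("ipv6", "2001:db8::1"), ("dns", "h" * 120)):
        inst = nat_addr_port_bind_instance(7, kind, addr, 4321, 5)
        print(kind, oid_subid_count(ASSUMED_COLUMN_PREFIX, inst), fits_snmp_limit(ASSUMED_COLUMN_PREFIX, inst))
```

IPv4 and IPv6 rows stay far below the limit; only dns(16) addresses can push a row over it, which is why an agent populating these tables should bound the host-name length it accepts as an index.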