Internet DRAFT - draft-perreault-sunset4-cgn-mib
Network Working Group S. Perreault
Internet-Draft Viagenie
Intended status: Standards Track T. Tsou
Expires: January 10, 2013 Huawei Technologies (USA)
S. Sivakumar
Cisco Systems
July 9, 2012
Managed Objects for Carrier Grade NAT (CGN)
draft-perreault-sunset4-cgn-mib-00
Abstract
This memo defines a portion of the Management Information Base (MIB)
that may be used to monitor devices capable of the Carrier Grade NAT
(CGN) function.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 10, 2013.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Perreault, et al. Expires January 10, 2013 [Page 1]
Internet-Draft CGN MIB July 2012
Table of Contents
1. Introduction
2. Terminology
3. Overview
4. Definitions
5. Security Considerations
6. IANA Considerations
7. Normative References
Authors' Addresses
1. Introduction
[I-D.ietf-behave-nat-mib] defines objects for managing network
address translators (NATs). This document builds on top of it,
defining objects specifically for Carrier Grade NATs (CGN).
2. Terminology
The "CGN" term is defined in [I-D.ietf-behave-lsn-requirements].
3. Overview
New features in this module are as follows:
Per-subscriber counters, limits, and notifications: Carrier-Grade
NATs operate with a notion of "subscriber", with which a set of
counters, limits, and notifications is associated. The subscriber
identifier is not necessarily an internal address: in DS-Lite, for
example, the identifier is the IPv6 address of the tunnel endpoint
and the internal addresses are the same for each subscriber.
4. Definitions
The following objects are added to the MIB module defined in
[I-D.ietf-behave-nat-mib].
-- notifications
newNatNotifSubscriberMappings NOTIFICATION-TYPE
OBJECTS { newNatSubscriberCntMappings }
STATUS current
DESCRIPTION
"This notification is generated when newNatSubscriberCntMappings
exceeds the value of newNatSubscriberMapNotifyThresh, unless
newNatSubscriberMapNotifyThresh is zero."
::= { newNatNotifications 5 }
-- limits
newNatLimitSubscribers OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Global limit on the number of subscribers with active mappings.
Zero means unlimited."
::= { newNatLimits 6 }
-- subscribers
newNatSubscribers OBJECT IDENTIFIER ::= { newNatObjects 5 }
newNatSubscribersTable OBJECT-TYPE
SYNTAX SEQUENCE OF NewNatSubscribersTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of CGN subscribers."
::= { newNatSubscribers 1 }
newNatSubscribersTableEntry OBJECT-TYPE
SYNTAX NewNatSubscribersTableEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry describes a single CGN subscriber."
INDEX { newNatSubscriberIdentifierType,
newNatSubscriberIdentifier }
::= { newNatSubscribersTable 1 }
NewNatSubscribersTableEntry ::=
SEQUENCE {
newNatSubscriberIdentifierType InetAddressType,
newNatSubscriberIdentifier InetAddress,
newNatSubscriberIntPrefixType InetAddressType,
newNatSubscriberIntPrefix InetAddress,
newNatSubscriberIntPrefixLength InetAddressPrefixLength,
newNatSubscriberPool NatPoolIndex,
newNatSubscriberCntTranslates Counter64,
newNatSubscriberCntOOP Counter64,
newNatSubscriberCntResource Counter64,
newNatSubscriberCntStateMismatch Counter64,
newNatSubscriberCntQuota Counter64,
newNatSubscriberCntMappings Gauge32,
newNatSubscriberCntMapCreations Counter64,
newNatSubscriberCntMapRemovals Counter64,
newNatSubscriberLimitMappings Unsigned32,
newNatSubscriberMapNotifyThresh Unsigned32
}
newNatSubscriberIdentifierType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type of the subscriber identifier."
::= { newNatSubscribersTableEntry 1 }
newNatSubscriberIdentifier OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address used for uniquely identifying the subscriber.
In traditional NAT, this is the internal address assigned to
the CPE. In case an address range is assigned to a subscriber,
the first address in the range is used as identifier. For
tunnelled connectivity (e.g., DS-Lite [RFC6333]), the outer
address is used as identifier (i.e., the IPv6 address in the
case of DS-Lite)."
::= { newNatSubscribersTableEntry 2 }
newNatSubscriberIntPrefixType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subscriber's internal prefix type."
::= { newNatSubscribersTableEntry 3 }
newNatSubscriberIntPrefix OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Prefix assigned to a subscriber's CPE."
::= { newNatSubscribersTableEntry 4 }
newNatSubscriberIntPrefixLength OBJECT-TYPE
SYNTAX InetAddressPrefixLength
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Length of the prefix assigned to a subscriber's CPE, in bits.
In case a single address is assigned, this will be 32 for IPv4
and 128 for IPv6."
::= { newNatSubscribersTableEntry 5 }
newNatSubscriberPool OBJECT-TYPE
SYNTAX NatPoolIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"External address pool to which this subscriber belongs."
::= { newNatSubscribersTableEntry 6 }
newNatSubscriberCntTranslates OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or sent to this subscriber
and to which NAT has been applied."
::= { newNatSubscribersTableEntry 7 }
newNatSubscriberCntOOP OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from this subscriber to which
NAT could not be applied because no external port was
available, excluding quota limitations."
::= { newNatSubscribersTableEntry 8 }
newNatSubscriberCntResource OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from this subscriber to which
NAT could not be applied because of resource constraints
(excluding out-of-ports condition)."
::= { newNatSubscribersTableEntry 9 }
newNatSubscriberCntStateMismatch OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of mapping
state mismatch. For example, a TCP packet that matches an
existing mapping but is dropped because its flags are
incompatible with the current state of the mapping would cause
this counter to be incremented."
::= { newNatSubscribersTableEntry 10 }
newNatSubscriberCntQuota OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets received from or destined to this
subscriber to which NAT could not be applied because of quota
limitations. Quotas include absolute limits as well as limits
on the rate of allocation."
::= { newNatSubscribersTableEntry 11 }
newNatSubscriberCntMappings OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of currently active mappings created by or for this
subscriber.
Equal to newNatSubscriberCntMapCreations -
newNatSubscriberCntMapRemovals."
::= { newNatSubscribersTableEntry 12 }
newNatSubscriberCntMapCreations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mappings created by or for this subscriber."
::= { newNatSubscribersTableEntry 13 }
newNatSubscriberCntMapRemovals OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of mappings removed by or for this subscriber."
::= { newNatSubscribersTableEntry 14 }
newNatSubscriberLimitMappings OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on the number of active mappings created by or for this
subscriber. Zero means unlimited."
::= { newNatSubscribersTableEntry 15 }
newNatSubscriberMapNotifyThresh OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"See newNatNotifSubscriberMappings."
::= { newNatSubscribersTableEntry 16 }
-- conformance groups
newNatGroupSubscriberObjects OBJECT-GROUP
OBJECTS { newNatSubscriberIntPrefixType,
newNatSubscriberIntPrefix,
newNatSubscriberIntPrefixLength,
newNatSubscriberPool,
newNatSubscriberCntTranslates,
newNatSubscriberCntOOP,
newNatSubscriberCntResource,
newNatSubscriberCntStateMismatch,
newNatSubscriberCntQuota,
newNatSubscriberCntMappings,
newNatSubscriberCntMapCreations,
newNatSubscriberCntMapRemovals,
newNatSubscriberLimitMappings,
newNatSubscriberMapNotifyThresh,
newNatLimitSubscribers }
STATUS current
DESCRIPTION
"Per-subscriber counters, limits, and thresholds."
::= { newNatGroups 4 }
-- compliance statements
newNatCGNCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"NATs that have 'Paired IP address pooling' and 'Receive
Fragments Out of Order' behavior [RFC4787] and implement the
objects in this group can claim this level of compliance.
This level of compliance is to be expected of a CGN compliant
with [I-D.ietf-behave-lsn-requirements]."
MODULE -- this module
MANDATORY-GROUPS { newNatGroupBasicObjects,
newNatGroupBasicNotifications,
newNatGroupAddrMapObjects,
newNatGroupAddrMapNotifications,
newNatGroupFragmentObjects,
newNatGroupSubscriberObjects,
newNatGroupSubscriberNotifs }
::= { newNatCompliance 4 }
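The following Python example is added here for illustration and is not part of the draft or of any implementation of it. It decodes the newNatSubscribersTable index sub-identifiers (address type, length, then one sub-identifier per octet, which is how SMIv2 encodes a variable-length string index) and applies the zero-means-disabled threshold and zero-means-unlimited limit semantics to two polls of one row. The dictionary row representation, the finding labels and the sample values are assumptions constructed for the example.

```python
import ipaddress

IPV4, IPV6 = 1, 2            # InetAddressType values (RFC 4001)
COUNTER64_MOD = 1 << 64

# Constructed sample: index sub-identifiers and two polls of one DS-Lite row.
SAMPLE_INDEX = [IPV6, 16, 0x20, 0x01, 0x0D, 0xB8] + [0] * 11 + [1]
SAMPLE_PREV = {"newNatSubscriberCntOOP": 100, "newNatSubscriberCntQuota": 7}
SAMPLE_NOW = {"newNatSubscriberCntOOP": 130, "newNatSubscriberCntQuota": 7,
              "newNatSubscriberCntMappings": 1500,
              "newNatSubscriberMapNotifyThresh": 1000,
              "newNatSubscriberLimitMappings": 2000}

def decode_subscriber_index(subids):
    """Turn the sub-identifiers after a column OID (address type, length,
    one sub-identifier per octet) into the subscriber's address."""
    if len(subids) < 2:
        raise ValueError("subscriber index too short")
    addr_type, length, octets = subids[0], subids[1], subids[2:]
    if {IPV4: 4, IPV6: 16}.get(addr_type) != length or len(octets) != length:
        raise ValueError("malformed subscriber index: %r" % (subids,))
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("octet out of range in subscriber index")
    return ipaddress.ip_address(bytes(octets))

def counter_delta(prev, now):
    """Difference between two Counter64 samples, tolerating one wrap."""
    return (now - prev) % COUNTER64_MOD

def assess_subscriber(prev, now):
    """Compare two polls of one row (dicts keyed by column name; an
    assumed representation) and return a list of finding labels."""
    findings = []
    mappings = now["newNatSubscriberCntMappings"]
    thresh = now["newNatSubscriberMapNotifyThresh"]
    limit = now["newNatSubscriberLimitMappings"]
    # Same condition as newNatNotifSubscriberMappings: zero disables it.
    if thresh != 0 and mappings > thresh:
        findings.append("mappings-over-threshold")
    # Zero means unlimited, so only a non-zero limit can be reached.
    if limit != 0 and mappings >= limit:
        findings.append("at-mapping-limit")
    for column, label in (("newNatSubscriberCntOOP", "out-of-ports-drops"),
                          ("newNatSubscriberCntQuota", "quota-drops")):
        if counter_delta(prev[column], now[column]) > 0:
            findings.append(label)
    return findings
```

A sustained "out-of-ports-drops" or "quota-drops" finding for one subscriber is the signal an operator would correlate with that subscriber's mapping count when investigating port exhaustion.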
5. Security Considerations
TBD
6. IANA Considerations
TBD
7. Normative References
[I-D.ietf-behave-lsn-requirements]
Perreault, S., Yamagata, I., Miyakawa, S., Nakagawa, A.,
and H. Ashida, "Common requirements for Carrier Grade NATs
(CGNs)", draft-ietf-behave-lsn-requirements-07 (work in
progress), June 2012.
[I-D.ietf-behave-nat-mib]
Perreault, S., Tsou, T., and S. Sivakumar, "Additional
Managed Objects for Network Address Translators (NAT)",
draft-ietf-behave-nat-mib-01 (work in progress),
June 2012.
Authors' Addresses
Simon Perreault
Viagenie
246 Aberdeen
Quebec, QC G1R 2E1
Canada
Phone: +1 418 656 9254
Email: simon.perreault@viagenie.ca
URI: http://viagenie.ca
Tina Tsou
Huawei Technologies (USA)
2330 Central Expressway
Santa Clara, CA 95050
USA
Phone: +1 408 330 4424
Email: tina.tsou.zouting@huawei.com
Senthil Sivakumar
Cisco Systems
7100-8 Kit Creek Road
Research Triangle Park, North Carolina 27709
USA
Phone: +1 919 392 5158
Email: ssenthil@cisco.com