NAT Working Group R. Raghunarayan
INTERNET-DRAFT N. Pai
Expires March 2002 Cisco Systems, Inc.
R. Rohit
World Wide Packets, Inc.
C. Wang
SmartPipes, Inc.
September 2001
Definitions of Managed Objects for Network Address Translators (NAT)
<draft-ietf-nat-natmib-01.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026 [16].
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet- Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This memo defines a Management Information Base (MIB) for use with
network management protocols in the Internet community. In
particular, it describes managed objects used for managing Network
Address Translators (NAT).
Rohit, Pai, Raghunarayan, Wang [Page 1]
INTERNET-DRAFT NAT MIB September 2001
Table of Contents
1 Introduction ................................................2
2 The Network Management Framework.............................2
3 Terminology..................................................3
4 Overview.....................................................3
5 Definitions .................................................5
6 Security Considerations.....................................45
7 Future Directions...........................................46
8 References .................................................46
9 Acknowledgements ...........................................47
10 Author's Addresses .........................................48
11 Change History .............................................48
1. Introduction
This memo defines a portion of the Management Information Base
(MIB) for use with network management protocols in the Internet
community. In particular, it describes objects used for managing
Network Address Translators (NAT) [17,19].
2. The Network Management Framework
The SNMP Management Framework presently consists of five major
components:
o An overall architecture, described in RFC 2571 [1].
o Mechanisms for describing and naming objects and events for
the purpose of management. The first version of this Structure
of Management Information (SMI) is called SMIv1 and described
in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215
[4]. The second version, called SMIv2, is described in STD 58,
RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].
o Message protocols for transferring management information.
The first version of the SNMP message protocol is called
SNMPv1 and is described in STD 15, RFC 1157 [8]. A second
version of the SNMP message protocol, which is not an Internet
standards track protocol, is called SNMPv2c and described in
RFC 1901 [9] and RFC 1906 [10]. The third version of the
message protocol is called SNMPv3 and described in RFC 1906
[10], RFC 2572 [11] and RFC 2574 [12].
o Protocol operations for accessing management information. The
first set of protocol operations and associated PDU formats is
described in STD 15, RFC 1157 [8]. A second set of protocol
operations and associated PDU formats is described in RFC 1905
[13].
Rohit, Pai, Raghunarayan, Wang [Page 2]
INTERNET-DRAFT NAT MIB September 2001
o A set of fundamental applications described in RFC 2573 [14]
and the view-based access control mechanism described in RFC
2575 [15].
Managed Objects are accessed via virtual information store, termed
the Management Information Base or MIB. Objects in the MIB are
defined using a subset of Abstract Syntax Notation One (ASN.1)
defined in the SMIv2.
This memo specifies a MIB module that is compliant to the SMIv2. A
MIB conforming to the SMIv1 can be produced through the appropriate
translations. The resulting translated MIB must be semantically
equivalent, except where objects or events are omitted because no
translation is possible (use of Counter64). Some machine readable
information in SMIv2 will be converted into textual descriptions in
SMIv1 during the translation process. However, this loss of
machine readable information is not considered to change the
semantics of the MIB.
3. Terminology
The terminology used throughout this document is mostly as per RFC
2663 [18].
The term NAT has been used generically, throughout the document,
to represent both NAT and NAPT. In cases, where necessary, NAPT and
NAT will be used to mean port translation and address translation
respectively, and appropriate usage would be clear from the
context.
The terms public/private are used throughout the document in the
context of networks, while the terms local/global are used when
referring to addresses and ports.
4. Overview
The MIB module has been split into three groups:
o the configuration group,
o the bind group, and
o the statistics group.
The configuration group consists of four tables and two scalars:
o the generic configuration table, which specifies among other
things the type of NAT to be employed and the associated timers.
o the static address map table, which is an extension of the
generic configuration table, and specifies information required
to setup static NAT.
o the dynamic address map table, which again is an extension of the
generic configuration table, but specifies information required
to setup dynamic NAT.
Rohit, Pai, Raghunarayan, Wang [Page 3]
INTERNET-DRAFT NAT MIB September 2001
o the interfaces table, which holds information regarding
interfaces on which NAT is enabled.
o the two scalars are used to monitor address thresholds and
generate notifications when the thresholds are crossed.
The bind group consists of two scalars and three tables:
o the scalars, natAddrBindNumberOfEntries and
natAddrPortBindNumberOfEntries, hold the number of entries
the currently exist in the Address bind and the Address-Port
bind tables respectively.
o the Address bind table, which holds the currently active
address mappings.
o the Address-Port bind table, which holds the currently active
transport mappings.
o the session table, holds information regarding active NAT
sessions.
And finally, the statistics group consists of three tables:
o the Protocol stats table, which holds NAT statistics on a per
protocol basis.
o the Address Map stats table, which holds NAT statistics on a
per address map basis.
o the Interface stats table, which holds NAT statistics on a per
interface basis
There are also two notifications defined in the MIB:
o natAddressUseRising notifies the end user/manager of the address
usage exceeding a pre-defined threshold.
o And finally, natPacketDiscard notifies the end user/manager of
packets being discarded due to lack of address mappings.
Rohit, Pai, Raghunarayan, Wang [Page 4]
INTERNET-DRAFT NAT MIB September 2001
5. Definitions
NAT-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY,
OBJECT-TYPE,
Integer32,
Unsigned32,
Gauge32,
Counter32,
TimeTicks,
IpAddress, -- NOTE: To be replaced with
-- InetAddress/InetAddressType throughout the MIB.
mib-2,
NOTIFICATION-TYPE
FROM SNMPv2-SMI
MODULE-COMPLIANCE,
NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF
TEXTUAL-CONVENTION,
StorageType,
RowStatus
FROM SNMPv2-TC
InterfaceIndex
FROM IF-MIB
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
Rohit, Pai, Raghunarayan, Wang [Page 5]
INTERNET-DRAFT NAT MIB September 2001
natMIB MODULE-IDENTITY
LAST-UPDATED "200109100000Z"
ORGANIZATION "IETF NAT Working Group"
CONTACT-INFO
" Rohit
World Wide Packets
115 North Sullivan Road
Veradale, Spokane, WA 99037
Phone: +1 509 242 9320
Email: Rohit.Rohit@worldwidepackets.com
Nalinaksh Pai
Cisco Systems, Inc.
Prestige Waterford
No. 9, Brunton Road
Bangalore - 560 025
India
Phone: +91 80 532 1300
Email: npai@cisco.com
Rajiv Raghunarayan
Cisco Systems, Inc.
Prestige Waterford
No. 9, Brunton Road
Bangalore - 560 025
India
Phone: +91 80 532 1300
Email: rrajiv@cisco.com
Cliff Wang
SmartPipes Inc.
Suite 300, 565 Metro Place South
Dublin, OH 43017
Phone: +1 614 923 6241
Email: CWang@smartpipes.com
"
DESCRIPTION
"This MIB module defines the generic managed objects
for NAT."
REVISION "200109100000Z"
DESCRIPTION
"Notifications added."
REVISION "200103010000Z"
DESCRIPTION
"Initial version of this MIB module."
::= { mib-2 xx } -- xx to be assigned by RFC-editor.
natMIBObjects OBJECT IDENTIFIER ::= { natMIB 1 }
Rohit, Pai, Raghunarayan, Wang [Page 6]
INTERNET-DRAFT NAT MIB September 2001
--
-- The Groups
-- o natConfig - Pertaining to NAT configuration information
-- o natBind - Pertaining to the NAT BINDs/sessions.
-- o natStatistics - NAT statistics, other than those maintained
-- by the Bind and Session tables.
--
natConfig OBJECT IDENTIFIER ::= { natMIBObjects 1 }
natBind OBJECT IDENTIFIER ::= { natMIBObjects 2 }
natStatistics OBJECT IDENTIFIER ::= { natMIBObjects 3 }
--
-- Textual Conventions
--
NATProtocolType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A list of protocols that are affected by NAT.
Inclusion of values is not intended to imply that
those protocols need be supported."
SYNTAX INTEGER {
other (1), -- not specified
icmp (2),
udp (3),
tcp (4)
}
--
-- The Configuration Group
-- The NAT Generic Configuration Table
--
natConfTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatConfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table specifies the configuration attributes for a
device supporting NAT function."
::= { natConfig 1 }
natConfEntry OBJECT-TYPE
SYNTAX NatConfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the natConfTable holds a set of
configuration parameters associated with an instance
of NAT.
Rohit, Pai, Raghunarayan, Wang [Page 7]
INTERNET-DRAFT NAT MIB September 2001
Entries in the natConfTable are created and deleted
using the natConfStatus object."
INDEX { IMPLIED natConfName }
::= { natConfTable 1 }
--
-- NOTE: The protocol specific parameters need to be moved into
-- protocol specific tables.
--
NatConfEntry ::= SEQUENCE {
natConfName SnmpAdminString,
natConfServiceType INTEGER,
natConfTimeoutIcmpIdle Integer32,
natConfTimeoutUdpIdle Integer32,
natConfTimeoutTcpIdle Integer32,
natConfTimeoutTcpNeg Integer32,
natConfTimeoutOther Integer32,
natConfMaxBindLeaseTime Integer32,
natConfMaxBindIdleTime Integer32,
natConfStorageType StorageType,
natConfStatus RowStatus
}
natConfName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The locally arbitrary, but unique identifier
associated with this natConfEntry."
::= { natConfEntry 1 }
natConfServiceType OBJECT-TYPE
SYNTAX INTEGER {
basicNat (1),
napt (2),
bidirectionalNat (3),
twiceNat (4),
multihomedNat (5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An indication of the direction in which new sessions
are permitted and the extent of translation done within
the IP and transport headers."
::= { natConfEntry 2 }
Rohit, Pai, Raghunarayan, Wang [Page 8]
INTERNET-DRAFT NAT MIB September 2001
natConfTimeoutIcmpIdle OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The interval of time for which an ICMP protocol session,
associated with this configuration, is allowed to remain
valid without any activity."
-- 1 minute
DEFVAL { 60 }
::= { natConfEntry 3 }
natConfTimeoutUdpIdle OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The interval of time for which a UDP protocol session,
associated with this configuration, is allowed to remain
valid without any activity."
-- 5 minutes
DEFVAL { 300 }
::= { natConfEntry 4 }
natConfTimeoutTcpIdle OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The interval of time for which a TCP protocol session,
associated with this configuration, is allowed to remain
valid without any activity. This timeout value applies
to a TCP session during its data transfer phase."
-- 24 hours
DEFVAL { 86400 }
::= { natConfEntry 5 }
natConfTimeoutTcpNeg OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The interval of time for which a TCP protocol session,
associated with this configuration, is allowed to remain
valid without any activity. This timeout value applies
to a TCP session during its establishment and termination
phases."
Rohit, Pai, Raghunarayan, Wang [Page 9]
INTERNET-DRAFT NAT MIB September 2001
-- 1 minute
DEFVAL { 60 }
::= { natConfEntry 6 }
natConfTimeoutOther OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The interval of time for which a protocol session
other than ICMP, UDP and TCP, associated with this
configuration, is allowed to remain valid, without
any activity."
::= { natConfEntry 7 }
natConfMaxBindLeaseTime OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The maximum lease time for the BIND, associated with
this configuration. Unless the lease time is renewed, a
BIND will not be valid past the lease time. As a special
case, a value of 0 may be assumed to indicate no lease
time limit. Typically, this attribute is of relevance
only in conjunction with Realm-Specific-IP (RSIP)
operation."
DEFVAL { 0 }
::= { natConfEntry 8 }
natConfMaxBindIdleTime OBJECT-TYPE
SYNTAX Integer32 (0..2147483647)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The maximum time, associated with this configuration,
to allow a dynamic BIND to remain valid with no NAT
session hanging off this BIND. By default for NATIVE
NAT maximum Idle time is 0. External agents could
control this parameter differently. Static Binds and
lease time limited BINDs are not affected by this
parameter."
DEFVAL { 0 }
::= { natConfEntry 9 }
Rohit, Pai, Raghunarayan, Wang [Page 10]
INTERNET-DRAFT NAT MIB September 2001
natConfStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natConfEntry 10 }
natConfStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row."
::= { natConfEntry 11 }
--
-- The Static Address Map Table
--
natConfStaticAddrMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatConfStaticAddrMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists configuration for static NAT
entries. This table has an expansion dependent
relationship on the natConfTable. When an SNMP entity
deletes a conceptual row from the natConfTable, then
the corresponding entries are deleted from
natConfStaticAddrMapTable."
::= { natConfig 2 }
natConfStaticAddrMapEntry OBJECT-TYPE
SYNTAX NatConfStaticAddrMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A description of a static NAT entry. This entry
contributes to the static NAT table of the device."
INDEX { natConfName, natConfStaticAddrMapName }
::= { natConfStaticAddrMapTable 1 }
--
-- NOTE: The natConfStaticAddrMapTable to be merged with
-- natConfDynamicAddrMapTable.
--
Rohit, Pai, Raghunarayan, Wang [Page 11]
INTERNET-DRAFT NAT MIB September 2001
NatConfStaticAddrMapEntry ::= SEQUENCE {
natConfStaticAddrMapName SnmpAdminString,
natConfStaticAddrMapType INTEGER,
natConfStaticLocalAddrFrom IpAddress,
natConfStaticLocalAddrTo IpAddress,
natConfStaticLocalPortFrom Integer32,
natConfStaticLocalPortTo Integer32,
natConfStaticGlobalAddrFrom IpAddress,
natConfStaticGlobalAddrTo IpAddress,
natConfStaticGlobalPortFrom Integer32,
natConfStaticGlobalPortTo Integer32,
natConfStaticProtocol BITS,
natConfStaticAddrMapStorageType StorageType,
natConfStaticAddrMapStatus RowStatus
}
natConfStaticAddrMapName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary, but unique identifier associated with this
natConfStaticAddrMapEntry. The value of this object is
unique across both the static address map and the dynamic
address map tables."
::= { natConfStaticAddrMapEntry 1 }
natConfStaticAddrMapType OBJECT-TYPE
SYNTAX INTEGER {
inbound (1),
outbound (2),
both (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Address (and Transport-ID) maps may be defined for both
inbound and outbound direction. Outbound address map
refers to mapping a selected set of addresses from
private realm to a selected set of addresses in external
realm; whereas inbound address map refers to mapping a
set of addresses from the external realm to private
realm."
::= { natConfStaticAddrMapEntry 2 }
natConfStaticLocalAddrFrom OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the first IP address of the range
of IP addresses mapped by this translation entry."
Rohit, Pai, Raghunarayan, Wang [Page 12]
INTERNET-DRAFT NAT MIB September 2001
::= { natConfStaticAddrMapEntry 3 }
natConfStaticLocalAddrTo OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the last IP address of the range of
IP addresses mapped by this translation entry. If only
a single address being mapped, the value of this object
is equal to the value of natConfStaticLocalAddrFrom. The
number addresses in the range defined by
natConfStaticLocalAddrFrtvpom and natConfStaticLocalAddrTo
should be equal to the number of addresses in the range
defined by natConfStaticGlobalAddrFrom and
natConfStaticGlobalAddrTo."
::= { natConfStaticAddrMapEntry 4 }
natConfStaticLocalPortFrom OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the first port number in the range of ports being
mapped. If the translation specifies a single port, then
the value of this object is equal to the value of
natConfStaticLocalPortTo."
::= { natConfStaticAddrMapEntry 5 }
natConfStaticLocalPortTo OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the last port number in the range of ports being mapped.
If the translation specifies a single port, then the
value of this object is equal to the value of
natConfStaticLocalPortFrom."
::= { natConfStaticAddrMapEntry 6 }
Rohit, Pai, Raghunarayan, Wang [Page 13]
INTERNET-DRAFT NAT MIB September 2001
natConfStaticGlobalAddrFrom OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the first IP address of the range of
IP addresses being mapped to."
::= { natConfStaticAddrMapEntry 7 }
natConfStaticGlobalAddrTo OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the last IP address of the range of
IP addresses being mapped to. If only a single address is
being mapped to, the value of this object is equal to the
value of natConfStaticGlobalAddrFrom.The number addresses
in the range defined by natConfStaticGlobalAddrFrom and
natConfStaticGlobalAddrTo should be equal to the number
of addresses in the range defined by
natConfStaticLocalAddrFrom and
natConfStaticLocalAddrTo. "
::= { natConfStaticAddrMapEntry 8 }
natConfStaticGlobalPortFrom OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the first port number in the range of ports being mapped
to. If the translation specifies a single port, then the
value of this object is equal to the value
natConfStaticGlobalPortTo."
::= { natConfStaticAddrMapEntry 9 }
natConfStaticGlobalPortTo OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual describes
NAPT, then the value of this object specifies the last
port number in the range of ports being to. If the
translation specifies a single port, then the value of
this object is equal to the value of
natConfStaticGlobalPortFrom."
::= { natConfStaticAddrMapEntry 10 }
Rohit, Pai, Raghunarayan, Wang [Page 14]
INTERNET-DRAFT NAT MIB September 2001
natConfStaticProtocol OBJECT-TYPE
SYNTAX BITS {
all (0),
other (1),
icmp (2),
udp (3),
tcp (4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies a protocol identifier. If the
value of this object is '0', then this basic NAT entry
applies to all IP traffic. If the value of this object
is non-zero, then this NAT entry only applies to IP
traffic with the specified protocol."
::= { natConfStaticAddrMapEntry 11 }
natConfStaticAddrMapStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natConfStaticAddrMapEntry 12 }
natConfStaticAddrMapStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row.
To create a row in this table, a manager must set this
object to either createAndGo(4) or createAndWait(5)."
::= { natConfStaticAddrMapEntry 13 }
Rohit, Pai, Raghunarayan, Wang [Page 15]
INTERNET-DRAFT NAT MIB September 2001
--
-- The Dynamic Address Map Table
--
natConfDynamicAddrMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatConfDynamicAddrMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table lists dynamic NAT entries. This table has an
expansion dependent relationship on the natConfTable.
When an SNMP entity deletes a conceptual row from the
natConfTable, then the corresponding entries are deleted
from natConfDynamicAddrMapTable."
::= { natConfig 3 }
natConfDynamicAddrMapEntry OBJECT-TYPE
SYNTAX NatConfDynamicAddrMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A description of a dynamic NAT entry. This entry
contributes to the dynamic NAT table of the device."
INDEX { natConfName, natConfDynamicAddrMapName }
::= { natConfDynamicAddrMapTable 1 }
NatConfDynamicAddrMapEntry ::= SEQUENCE {
natConfDynamicAddrMapName SnmpAdminString,
natConfDynamicAddressMapType INTEGER,
natConfDynamicLocalAddrFrom IpAddress,
natConfDynamicLocalAddrTo IpAddress,
natConfDynamicLocalPortFrom Integer32,
natConfDynamicLocalPortTo Integer32,
natConfDynamicGlobalAddrFrom IpAddress,
natConfDynamicGlobalAddrTo IpAddress,
natConfDynamicGlobalPortFrom Integer32,
natConfDynamicGlobalPortTo Integer32,
natConfDynamicProtocol BITS,
natConfDynamicAddrMapStorageType StorageType,
natConfDynamicAddrMapStatus RowStatus
}
natConfDynamicAddrMapName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An arbitrary, but unique identifier associated with this
natConfDynamicAddrMapEntry. The value of this object is
unique across both the static address map and the dynamic
address map tables."
::= { natConfDynamicAddrMapEntry 1 }
Rohit, Pai, Raghunarayan, Wang [Page 16]
INTERNET-DRAFT NAT MIB September 2001
natConfDynamicAddressMapType OBJECT-TYPE
SYNTAX INTEGER {
inbound (1),
outbound (2),
both (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Address (and Transport-ID) maps may be defined for both
inbound and outbound direction. Outbound address map
refers to mapping a selected set of addresses from
private realm to a selected set of addresses in external
realm; whereas inbound address map refers to mapping a
set of addresses from the external realm to private
realm."
::= { natConfDynamicAddrMapEntry 2 }
natConfDynamicLocalAddrFrom OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the first IP address of the range
of IP addresses mapped by this translation entry."
::= { natConfDynamicAddrMapEntry 3 }
natConfDynamicLocalAddrTo OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the last IP address of the range of
IP addresses mapped by this translation entry."
::= { natConfDynamicAddrMapEntry 4 }
natConfDynamicLocalPortFrom OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the first port number in the range of ports being mapped.
If the translation specifies a single port, then the
value of this object is equal to the value of
natConfDynamicLocalPortTo."
::= { natConfDynamicAddrMapEntry 5 }
Rohit, Pai, Raghunarayan, Wang [Page 17]
INTERNET-DRAFT NAT MIB September 2001
natConfDynamicLocalPortTo OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the last port number in the range of ports being mapped.
If the translation specifies a single port, then the
value of this object is equal to the value of
natConfDynamicLocalPortFrom."
::= { natConfDynamicAddrMapEntry 6 }
natConfDynamicGlobalAddrFrom OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the first IP address of the range
of IP addresses being mapped to."
::= { natConfDynamicAddrMapEntry 7 }
natConfDynamicGlobalAddrTo OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the last IP address of the range of
IP addresses being mapped to."
::= { natConfDynamicAddrMapEntry 8 }
natConfDynamicGlobalPortFrom OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the first port number in the range of ports being mapped
to. If the translation specifies a single port, then the
value of this object is equal to the value of
natConfDynamicGlobalPortTo."
::= { natConfDynamicAddrMapEntry 9 }
Rohit, Pai, Raghunarayan, Wang [Page 18]
INTERNET-DRAFT NAT MIB September 2001
natConfDynamicGlobalPortTo OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If this conceptual row describes a basic NAT, then the
value of this object is '0'. If this conceptual row
describes NAPT, then the value of this object specifies
the last port number in the range of ports being mapped
to. If the translation specifies a single port, then the
value of this object is equal to the value of
natConfDynamicGlobalPortFrom."
::= { natConfDynamicAddrMapEntry 10 }
natConfDynamicProtocol OBJECT-TYPE
SYNTAX BITS {
all (0),
other (1),
icmp (2),
udp (3),
tcp (4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies a protocol identifier. If the
value of this object is '0', then this basic NAT entry
applies to all IP traffic. If the value of this object is
non-zero, then this NAT entry only applies to IP traffic
with the specified protocol."
::= { natConfDynamicAddrMapEntry 11 }
natConfDynamicAddrMapStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natConfDynamicAddrMapEntry 12 }
natConfDynamicAddrMapStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this conceptual row.
To create a row in this table, a manager must set this
object to either createAndGo(4) or createAndWait(5)."
Rohit, Pai, Raghunarayan, Wang [Page 19]
INTERNET-DRAFT NAT MIB September 2001
::= { natConfDynamicAddrMapEntry 13 }
--
-- NAT Interface Table
--
natInterfaceTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatInterfaceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table holds information regarding the interface
on which NAT is enabled."
::= { natConfig 4 }
natInterfaceEntry OBJECT-TYPE
SYNTAX NatInterfaceEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the NAT Interface Table holds
information regarding an interface on which NAT is
enabled."
INDEX { natInterfaceIndex }
::= { natInterfaceTable 1 }
NatInterfaceEntry ::= SEQUENCE {
natInterfaceIndex InterfaceIndex,
natInterfaceRealm INTEGER,
natInterfaceStorageType StorageType,
natInterfaceStatus RowStatus
}
natInterfaceIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The ifIndex of the interface on which NAT is enabled."
::= { natInterfaceEntry 1 }
natInterfaceRealm OBJECT-TYPE
SYNTAX INTEGER {
private (1),
public (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object identifies whether this interface is
connected to the private or the public realm."
DEFVAL { public }
Rohit, Pai, Raghunarayan, Wang [Page 20]
INTERNET-DRAFT NAT MIB September 2001
::= { natInterfaceEntry 2 }
natInterfaceStorageType OBJECT-TYPE
SYNTAX StorageType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The storage type for this conceptual row."
REFERENCE
"Textual Conventions for SMIv2, Section 2."
DEFVAL { nonVolatile }
::= { natInterfaceEntry 3 }
natInterfaceStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Status of NAT on this interface. An active status
indicates that NAT is enabled on this interface."
::= { natInterfaceEntry 4 }
--
-- Notification thresholds
--
natConfAddressRiseThreshold OBJECT-TYPE
SYNTAX Unsigned32 (0..100)
UNITS "percentage"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This objects represents the rising threshold value for
generation of the natAddressUseRising notification. A
notification is generated whenever the usage percentage
of the address map is equal to or greater than
natConfAddressRiseThreshold.
Notifications should not be generated when the value of
this object is 0."
DEFVAL { 0 }
::= { natConfig 5 }
natConfAddressFallThreshold OBJECT-TYPE
SYNTAX Unsigned32 (0..100)
UNITS "percentage"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object represents the falling threshold value for
generation of the natAddressUseRising notification.
Rohit, Pai, Raghunarayan, Wang [Page 21]
INTERNET-DRAFT NAT MIB September 2001
This object only represents the lower end of the
hysteresis curve, and notifications are not generated when
this threshold is crossed."
DEFVAL { 0 }
::= { natConfig 6 }
--
-- The BIND Group
--
--
-- Address Bind section
--
natAddrBindNumberOfEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object maintains a count of the number of entries
that currently exist in the natAddrBindTable."
::= { natBind 1 }
--
-- The NAT Address BIND Table
--
natAddrBindTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table holds information about the currently
active NAT BINDs."
::= { natBind 2 }
natAddrBindEntry OBJECT-TYPE
SYNTAX NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the NAT BIND table holds information
about a NAT BIND that is currently active."
INDEX { natAddrBindLocalAddr }
::= { natAddrBindTable 1 }
--
-- NOTE: BIND table may be restructured to attend to conditional NAT.
--
Rohit, Pai, Raghunarayan, Wang [Page 22]
INTERNET-DRAFT NAT MIB September 2001
NatAddrBindEntry ::= SEQUENCE {
natAddrBindLocalAddr IpAddress,
natAddrBindGlobalAddr IpAddress,
natAddrBindId Unsigned32,
natAddrBindDirection INTEGER,
natAddrBindType INTEGER,
natAddrBindConfName SnmpAdminString,
natAddrBindSessionCount Gauge32,
natAddrBindCurrentIdleTime TimeTicks,
natAddrBindInTranslate Counter32,
natAddrBindOutTranslate Counter32
}
natAddrBindLocalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address, which maps to the public-realm address
represented by natAddrBindGlobalAddr."
::= { natAddrBindEntry 1 }
natAddrBindGlobalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the public-realm network layer
address that maps to the private-realm network layer
address represented by natAddrBindLocalAddr."
::= { natAddrBindEntry 2 }
natAddrBindId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents a BIND id that is dynamically
assigned to each BIND by a NAT enabled device. Each
BIND is represented by a unique BIND id across both,
the Address bind and Address-Port bind tables."
::= { natAddrBindEntry 3 }
Rohit, Pai, Raghunarayan, Wang [Page 23]
INTERNET-DRAFT NAT MIB September 2001
natAddrBindDirection OBJECT-TYPE
SYNTAX INTEGER {
uniDirectional (1),
biDirectional (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the direction of the BIND. A
BIND may be either uni-directional or bi-directional,
same as the orientation of the address map, based on
which this bind is formed. The direction of this bind
is with reference to the private realm."
::= { natAddrBindEntry 4 }
natAddrBindType OBJECT-TYPE
SYNTAX INTEGER {
static (1),
dynamic (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates whether the BIND is static or
dynamic."
::= { natAddrBindEntry 5 }
natAddrBindConfName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is a pointer to the natConfTable entry (and
the parameters of that entry) which was used in creating
this BIND."
::= { natAddrBindEntry 6 }
natAddrBindSessionCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of sessions currently using this BIND."
::= { natAddrBindEntry 7 }
Rohit, Pai, Raghunarayan, Wang [Page 24]
INTERNET-DRAFT NAT MIB September 2001
natAddrBindCurrentIdleTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"At any given instance of time, this object indicates the
time that this BIND has been idle with no sessions
attached to it. The value represented by this object is
of relevance only when the value of Maximum Idle time
(natConfMaxBindIdleTime) is non-zero."
::= { natAddrBindEntry 8 }
natAddrBindInTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of inbound packets that were successfully
translated as per this BIND entry."
::= { natAddrBindEntry 9 }
natAddrBindOutTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of outbound packets that were successfully
translated as per this BIND entry."
::= { natAddrBindEntry 10 }
--
-- Address-Port Bind section
--
natAddrPortBindNumberOfEntries OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object maintains a count of the number of entries
that currently exist in the natAddrPortBindTable."
::= { natBind 3 }
Rohit, Pai, Raghunarayan, Wang [Page 25]
INTERNET-DRAFT NAT MIB September 2001
--
-- The NAT Address-Port BIND Table
--
natAddrPortBindTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatAddrPortBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table holds information about the currently
active NAPT BINDs."
::= { natBind 4 }
--
-- NOTE: natAddrPortBindProtocol, a BITS, doesn't make sense as index.
-- This needs to be changed to a INTEGER object (of similar nature).
--
natAddrPortBindEntry OBJECT-TYPE
SYNTAX NatAddrPortBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry in the this table holds information
a NAPT BIND that is currently active."
INDEX { natAddrPortBindLocalAddr, natAddrPortBindLocalPort,
natAddrPortBindProtocol }
::= { natAddrPortBindTable 1 }
NatAddrPortBindEntry ::= SEQUENCE {
natAddrPortBindLocalAddr IpAddress,
natAddrPortBindLocalPort Integer32,
natAddrPortBindProtocol BITS,
natAddrPortBindGlobalAddr IpAddress,
natAddrPortBindGlobalPort Integer32,
natAddrPortBindId Unsigned32,
natAddrPortBindDirection INTEGER,
natAddrPortBindType INTEGER,
natAddrPortBindConfName SnmpAdminString,
natAddrPortBindSessionCount Gauge32,
natAddrPortBindCurrentIdleTime TimeTicks,
natAddrPortBindInTranslate Counter32,
natAddrPortBindOutTranslate Counter32
}
Rohit, Pai, Raghunarayan, Wang [Page 26]
INTERNET-DRAFT NAT MIB September 2001
natAddrPortBindLocalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific network
layer address which, in conjunction with
natAddrPortBindLocalPort, maps to the public-realm
network layer address and transport id represented by
natAddrPortBindGlobalAddr and natAddrPortBindGlobalPort
respectively."
::= { natAddrPortBindEntry 1 }
natAddrPortBindLocalPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the private-realm specific port
number (or query ID in case of ICMP messages) which, in
conjunction with natAddrPortBindLocalAddr, maps to the
public-realm network layer address and transport id
represented by natAddrPortBindGlobalAddr and
natAddrPortBindGlobalPort respectively."
::= { natAddrPortBindEntry 2 }
natAddrPortBindProtocol OBJECT-TYPE
SYNTAX BITS {
all (0),
other (1),
icmp (2),
udp (3),
tcp (4)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object specifies a protocol identifier. If the
value of this object is '0', then this BIND entry
applies to all IP traffic. If the value of this object is
non-zero, then this NAT entry only applies to IP traffic
with the specified protocol."
::= { natAddrPortBindEntry 3 }
Rohit, Pai, Raghunarayan, Wang [Page 27]
INTERNET-DRAFT NAT MIB September 2001
natAddrPortBindGlobalAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the public-realm specific network
layer address that, in conjunction with
natAddrPortBindGlobalPort, maps to the private-realm
network layer address and transport id represented by
natAddrPortBindLocalAddr and natAddrPortBindLocalPort
respectively."
::= { natAddrPortBindEntry 4 }
natAddrPortBindGlobalPort OBJECT-TYPE
SYNTAX Integer32(0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the port number (or query id in
case of ICMP) that, in conjunction with
natAddrPortBindGlobalAddr, maps to the private-realm
network layer address and transport id represented by
natAddrPortBindLocalAddr and natAddrPortBindLocalPort
respectively."
::= { natAddrPortBindEntry 5 }
natAddrPortBindId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents a BIND id that is dynamically
assigned to each BIND by a NAT enabled device. Each
BIND is represented by a unique BIND id across both,
the Address Bind and Address-Port Bind tables."
::= { natAddrPortBindEntry 6 }
natAddrPortBindDirection OBJECT-TYPE
SYNTAX INTEGER {
uniDirectional (1),
biDirectional (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents the direction of the BIND. A
BIND may be either uni-directional or bi-directional,
same as the orientation of the address map, based on
which this bind is formed. The direction of this bind
is with reference to the private realm."
::= { natAddrPortBindEntry 7 }
Rohit, Pai, Raghunarayan, Wang [Page 28]
INTERNET-DRAFT NAT MIB September 2001
natAddrPortBindType OBJECT-TYPE
SYNTAX INTEGER {
static (1),
dynamic (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object indicates whether the BIND is static or
dynamic."
::= { natAddrPortBindEntry 8 }
natAddrPortBindConfName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object is a pointer to the natConfTable entry (and
the parameters of that entry) which was used in creating
this BIND."
::= { natAddrPortBindEntry 9 }
natAddrPortBindSessionCount OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of sessions currently using this BIND."
::= { natAddrPortBindEntry 10 }
natAddrPortBindCurrentIdleTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"At any given instance of time, this object indicates the
time that this BIND has been idle with no sessions
attached to it. The value represented by this object is
of relevance only when the value of Maximum Idle time
(natConfMaxBindIdleTime) is non-zero."
::= { natAddrPortBindEntry 11 }
natAddrPortBindInTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of inbound packets that were translated as per
this BIND entry."
::= { natAddrPortBindEntry 12 }
Rohit, Pai, Raghunarayan, Wang [Page 29]
INTERNET-DRAFT NAT MIB September 2001
natAddrPortBindOutTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of outbound packets that were translated as per
this BIND entry."
::= { natAddrPortBindEntry 13 }
--
-- The Session Table
--
natSessionTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing one entry for each
NAT session currently active on this NAT device."
::= { natBind 5 }
natSessionEntry OBJECT-TYPE
SYNTAX NatSessionEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing information
about an active NAT session on this NAT device."
INDEX { natSessionBindId, natSessionId }
::= { natSessionTable 1 }
NatSessionEntry ::= SEQUENCE {
natSessionBindId Unsigned32,
natSessionId Unsigned32,
natSessionDirection INTEGER,
natSessionUpTime TimeTicks,
natSessionProtocolType NATProtocolType,
natSessionOrigPrivateAddr IpAddress,
natSessionTransPrivateAddr IpAddress,
natSessionOrigPrivatePort Integer32,
natSessionTransPrivatePort Integer32,
natSessionOrigPublicAddr IpAddress,
natSessionTransPublicAddr IpAddress,
natSessionOrigPublicPort Integer32,
natSessionTransPublicPort Integer32,
natSessionCurrentIdletime TimeTicks,
natSessionSecondBindId Unsigned32,
natSessionInTranslate Counter32,
natSessionOutTranslate Counter32
}
Rohit, Pai, Raghunarayan, Wang [Page 30]
INTERNET-DRAFT NAT MIB September 2001
natSessionBindId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents a BIND id that is dynamically
assigned to each BIND by a NAT enabled device. This
bind id is that same as represented by the BindId
objects in the Address bind and Address-Port bind
tables."
::= { natSessionEntry 1 }
natSessionId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The session ID for this NAT session."
::= { natSessionEntry 2 }
natSessionDirection OBJECT-TYPE
SYNTAX INTEGER {
inbound (1),
outbound (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The direction of this session with respect to the
local network. 'inbound' indicates that this session
was initiated from the public network into the private
network. 'outbound' indicates that this session was
initiated from the private network into the public
network."
::= { natSessionEntry 3 }
natSessionUpTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The up time of this session in one-hundredths of a
second."
::= { natSessionEntry 4 }
Rohit, Pai, Raghunarayan, Wang [Page 31]
INTERNET-DRAFT NAT MIB September 2001
natSessionProtocolType OBJECT-TYPE
SYNTAX NATProtocolType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The protocol type of this session.
TCP and UDP sessions are uniquely identified by the
tuple of (source IP address, source UDP/TCP port,
destination IP address, destination TCP/UCP port).
ICMP query sessions are identified by the tuple of
(source IP address, ICMP query ID, destination IP
address)."
::= { natSessionEntry 5 }
natSessionOrigPrivateAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The original IP address of the session endpoint that
lies in the private network."
::= { natSessionEntry 6 }
natSessionTransPrivateAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The translated IP address of the session endpoint that
lies in the private network. The value of this object
is equal to that of the original public IP Address
(natSessionOrigPrivateAddr) when there is no
translation."
::= { natSessionEntry 7 }
natSessionOrigPrivatePort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The original transport port of the session endpoint that
belongs to the private network. If this is an ICMP session
then the value is the ICMP request ID."
::= { natSessionEntry 8 }
Rohit, Pai, Raghunarayan, Wang [Page 32]
INTERNET-DRAFT NAT MIB September 2001
natSessionTransPrivatePort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The translated transport port of the session that lies in
the private network. The value of this object is equal to
that of the original transport port
(natSessionOrigPrivatePort) when there is no translation."
::= { natSessionEntry 9 }
natSessionOrigPublicAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The original IP address of the session endpoint that lies
in the public network."
::= { natSessionEntry 10 }
natSessionTransPublicAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The translated IP address of the session endpoint that
belongs to the public network. The value of this object
is equal to that of the original public IP Address
(natSessionOrigPublicAddr) when there is no
translation."
::= { natSessionEntry 11 }
natSessionOrigPublicPort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The original transport port of the session endpoint that
belongs to the public network. If this is an ICMP
session then the value contains the ICMP request ID."
::= { natSessionEntry 12 }
natSessionTransPublicPort OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The translated transport port of the session endpoint
that belongs to the public network. The value of this
object is equal to that of the original transport port
(natSessionOrigPublicPort) when there is no
translation."
Rohit, Pai, Raghunarayan, Wang [Page 33]
INTERNET-DRAFT NAT MIB September 2001
::= { natSessionEntry 13 }
natSessionCurrentIdletime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The time in one-hundredths of a second since a packet
belonging to this session was last detected."
::= { natSessionEntry 14 }
natSessionSecondBindId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The natBindId of the 'other' NAT binding incase of Twice
NAT. An instance of this object contains a valid value
only if the binding type for this session is TwiceNAT."
::= { natSessionEntry 15 }
natSessionInTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of inbound packets that were translated by
this session."
::= { natSessionEntry 16 }
natSessionOutTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of outbound packets that were translated by
this session."
::= { natSessionEntry 17 }
Rohit, Pai, Raghunarayan, Wang [Page 34]
INTERNET-DRAFT NAT MIB September 2001
--
-- natStatistics Group
--
--
-- The Protocol Stats table
--
natProtocolStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatProtocolStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing per protocol NAT
statistics."
::= { natStatistics 1 }
natProtocolStatsEntry OBJECT-TYPE
SYNTAX NatProtocolStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing NAT statistics
pertaining to a particular protocol."
INDEX { natProtocolStatsName }
::= { natProtocolStatsTable 1 }
NatProtocolStatsEntry ::= SEQUENCE {
natProtocolStatsName NATProtocolType,
natProtocolStatsInTranslate Counter32,
natProtocolStatsOutTranslate Counter32,
natProtocolStatsRejectCount Counter32
}
natProtocolStatsName OBJECT-TYPE
SYNTAX NATProtocolType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This object represents the protocol pertaining to which
statistics are reported."
::= { natProtocolStatsEntry 1 }
natProtocolStatsInTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of inbound packets, pertaining to the protocol
identified by natProtocolStatsName, that underwent NAT."
::= { natProtocolStatsEntry 2 }
Rohit, Pai, Raghunarayan, Wang [Page 35]
INTERNET-DRAFT NAT MIB September 2001
natProtocolStatsOutTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of outbound packets, pertaining to the protocol
identified by natProtocolStatsName, that underwent NAT."
::= { natProtocolStatsEntry 3 }
natProtocolStatsRejectCount OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets, pertaining to the protocol
identified by natProtocolStatsName, that had to be
rejected/dropped due to lack of resources. These
rejections could be due to session timeout, resource
unavailability etc."
::= { natProtocolStatsEntry 4 }
--
-- The Address Map Stats table
--
natAddrMapStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatAddrMapStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing per address map NAT
statistics."
::= { natStatistics 2 }
natAddrMapStatsEntry OBJECT-TYPE
SYNTAX NatAddrMapStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing NAT statistics per
address map."
INDEX { natAddrMapStatsConfName, natAddrMapStatsMapName }
::= { natAddrMapStatsTable 1 }
NatAddrMapStatsEntry ::= SEQUENCE {
natAddrMapStatsConfName SnmpAdminString,
natAddrMapStatsMapName SnmpAdminString,
natAddrMapStatsInTranslate Counter32,
natAddrMapStatsOutTranslate Counter32,
natAddrMapStatsNoResource Counter32,
natAddrMapStatsAddrUsed Gauge32
}
Rohit, Pai, Raghunarayan, Wang [Page 36]
INTERNET-DRAFT NAT MIB September 2001
natAddrMapStatsConfName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the configuration (from the natConfTable),
regarding which statistics are being reported. The
configuration name along with Map name uniquely
identifies an entry across both (static and dynamic)
Address Map tables."
::= { natAddrMapStatsEntry 1 }
natAddrMapStatsMapName OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(1..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the Address Map (from the
natConfStaticAddrMapTable/natConfDynamicAddrMapTable),
regarding which statistics are being reported. The
configuration name along with Map name uniquely
identifies an entry across both (static and dynamic)
Address Map tables."
::= { natAddrMapStatsEntry 2 }
natAddrMapStatsInTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of inbound packets, pertaining to this address
map entry, that were translated."
::= { natAddrMapStatsEntry 3 }
natAddrMapStatsOutTranslate OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of outbound packets, pertaining to this
address map entry, that were translated."
::= { natAddrMapStatsEntry 4 }
Rohit, Pai, Raghunarayan, Wang [Page 37]
INTERNET-DRAFT NAT MIB September 2001
natAddrMapStatsNoResource OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of packets, pertaining to this address map
entry, that were dropped due to lack of addresses in the
address pool identified by this address map. The value of
this object should always be zero in case of static
address map."
::= { natAddrMapStatsEntry 5 }
natAddrMapStatsAddrUsed OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of addresses, pertaining to this address map,
that are currently being used from the nat pool. The
value of this object is irrelevant if the address map in
question is a static address map."
::= { natAddrMapStatsEntry 6 }
--
-- The Interface Stats table
--
natInterfaceStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF NatInterfaceStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table augments the natInterfaceTable and provides
statistics information pertaining to the specified
interface."
::= { natStatistics 3 }
natInterfaceStatsEntry OBJECT-TYPE
SYNTAX NatInterfaceStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each entry of the natInterfaceStatsTable represents stats
pertaining to one interface, which is identified by its
ifIndex."
AUGMENTS { natInterfaceEntry }
::= { natInterfaceStatsTable 1 }
NatInterfaceStatsEntry ::= SEQUENCE {
natInterfacePktsIn Counter32,
natInterfacePktsOut Counter32
}
Rohit, Pai, Raghunarayan, Wang [Page 33]
INTERNET-DRAFT NAT MIB September 2001
natInterfacePktsIn OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of packets received on this interface that
were translated."
::= { natInterfaceStatsEntry 1 }
natInterfacePktsOut OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of translated packets that were sent out this
interface."
::= { natInterfaceStatsEntry 2 }
--
-- Notifications section
--
natNotificationPrefix OBJECT IDENTIFIER ::= { natMIB 2 }
natNotifications OBJECT IDENTIFIER ::=
{ natNotificationPrefix 0 }
--
-- Notification objects i.e. objects accessible only for notification
-- purpose.
--
natNotificationObjects OBJECT IDENTIFIER ::=
{ natNotificationPrefix 1 }
natAddrMapName OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object represent the address map corresponding to
which the addresses/ports have been exhausted, thereby
resulting in a natPacketDiscard notification."
::= { natNotificationObjects 1 }
Rohit, Pai, Raghunarayan, Wang [Page 39]
INTERNET-DRAFT NAT MIB September 2001
natPktDiscardReason OBJECT-TYPE
SYNTAX INTEGER {
other (1),
addressSpaceExhausted (2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"This object represents the reason for which a packet is
discarded by NAT.
addressSpaceExhausted (2) represents a situation wherein
the address space required to do this mapping has been
exhausted (used up by other translations).
other (1) represents a case where the packet was
discarded due to any other reasons."
::= { natNotificationObjects 2 }
--
-- Notifications
--
natAddressUseRising NOTIFICATION-TYPE
OBJECTS { natAddrMapStatsAddrUsed }
STATUS current
DESCRIPTION
"This notification is generated whenever the number of
addresses per address map is equal to or greater than the
configured address rising threshold value.
Note that once this notification is generated, another
notification for the same address map should be generated
only after the address usage falls to/below the defined
falling threshold.
This notification should be generated only for dynamic
address maps, since they do not provide any useful
information for static maps."
::= { natNotifications 1 }
Rohit, Pai, Raghunarayan, Wang [Page 40]
INTERNET-DRAFT NAT MIB September 2001
-- Should natAddrMapStatsNoResource be used instead of natAddrMapName
-- - that will save us one extra object, but if/when the notification
-- is modified to include cases of explicitly packet discard due to
-- reasons other than resource exhaustion.. it might be better to
-- have AddrMap name. So we'll go with AddrMapName for now..
natPacketDiscard NOTIFICATION-TYPE
OBJECTS { natAddrMapName, natPktDiscardReason }
STATUS current
DESCRIPTION
"This notification is generated whenever packets are
discarded due to lack of mapping space i.e. when we run
out of address/ports in case of NAT/NAPT respectively.
An agent should not generate more than one
natPacketDiscard 'notification-events' in a given time
interval (five seconds is the suggested default). A
'notification-event' is the transmission of a single
trap or inform PDU to a list of notification
destinations.
If additional nat packets are discarded within the
throttling period, then notification-events for these
changes should be suppressed by the agent until the
current throttling period expires. At the end of a
throttling period, one notification-event should be
generated if any NAT packet was discarded since the
start of the throttling period. In such a case, another
throttling period is started right away."
-- 1. Is the 5 sec period OK as a throttling value??
::= { natNotifications 2 }
--
-- Conformance information.
-- NOTE: Will need to revisit this section; leaving this as is for
-- now.
--
natMIBConformance OBJECT IDENTIFIER ::= { natMIB 3 }
natMIBCompliances OBJECT IDENTIFIER ::= { natMIBConformance 1 }
natMIBGroups OBJECT IDENTIFIER ::= { natMIBConformance 2 }
--
-- Compliance statements
--
natMIBCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for devices running NAT."
MODULE -- this module
MANDATORY-GROUPS { natConfigGroup, natBindGroup }
Rohit, Pai, Raghunarayan, Wang [Page 41]
INTERNET-DRAFT NAT MIB September 2001
::= { natMIBCompliances 1 }
--
-- Units of conformance
--
natConfigGroup OBJECT-GROUP
OBJECTS { natConfServiceType,
natConfTimeoutIcmpIdle,
natConfTimeoutUdpIdle,
natConfTimeoutTcpIdle,
natConfTimeoutTcpNeg,
natConfTimeoutOther,
natConfMaxBindLeaseTime,
natConfMaxBindIdleTime,
natConfStorageType,
natConfStatus,
natConfStaticAddrMapType,
natConfStaticLocalAddrFrom,
natConfStaticLocalAddrTo,
natConfStaticLocalPortFrom,
natConfStaticLocalPortTo,
natConfStaticGlobalAddrFrom,
natConfStaticGlobalAddrTo,
natConfStaticGlobalPortFrom,
natConfStaticGlobalPortTo,
natConfStaticProtocol,
natConfStaticAddrMapStorageType,
natConfStaticAddrMapStatus,
natConfDynamicAddressMapType,
natConfDynamicLocalAddrFrom,
natConfDynamicLocalAddrTo,
natConfDynamicLocalPortFrom,
natConfDynamicLocalPortTo,
natConfDynamicGlobalAddrFrom,
natConfDynamicGlobalAddrTo,
natConfDynamicGlobalPortFrom,
natConfDynamicGlobalPortTo,
natConfDynamicProtocol,
natConfDynamicAddrMapStorageType,
natConfDynamicAddrMapStatus,
natInterfaceRealm,
natInterfaceStorageType,
natInterfaceStatus }
STATUS current
DESCRIPTION
"A collection of configuration-related information
required to support management of devices supporting
NAT."
::= { natMIBGroups 1 }
Rohit, Pai, Raghunarayan, Wang [Page 42]
INTERNET-DRAFT NAT MIB September 2001
natBindGroup OBJECT-GROUP
OBJECTS { natAddrBindNumberOfEntries,
natAddrBindGlobalAddr,
natAddrBindId,
natAddrBindDirection,
natAddrBindType,
natAddrBindConfName,
natAddrBindSessionCount,
natAddrBindCurrentIdleTime,
natAddrBindInTranslate,
natAddrBindOutTranslate,
natAddrPortBindNumberOfEntries,
natAddrPortBindGlobalAddr,
natAddrPortBindGlobalPort,
natAddrPortBindId,
natAddrPortBindDirection,
natAddrPortBindType,
natAddrPortBindConfName,
natAddrPortBindSessionCount,
natAddrPortBindCurrentIdleTime,
natAddrPortBindInTranslate,
natAddrPortBindOutTranslate,
natSessionDirection,
natSessionUpTime,
natSessionProtocolType,
natSessionOrigPrivateAddr,
natSessionTransPrivateAddr,
natSessionOrigPrivatePort,
natSessionTransPrivatePort,
natSessionOrigPublicAddr,
natSessionTransPublicAddr,
natSessionOrigPublicPort,
natSessionTransPublicPort,
natSessionCurrentIdletime,
natSessionSecondBindId,
natSessionInTranslate,
natSessionOutTranslate }
STATUS current
DESCRIPTION
"A collection of BIND-related objects required to support
management of devices supporting NAT."
::= { natMIBGroups 2 }
Rohit, Pai, Raghunarayan, Wang [Page 43]
INTERNET-DRAFT NAT MIB September 2001
natStatsGroup OBJECT-GROUP
OBJECTS { natProtocolStatsInTranslate,
natProtocolStatsOutTranslate,
natProtocolStatsRejectCount,
natAddrMapStatsInTranslate,
natAddrMapStatsOutTranslate,
natAddrMapStatsNoResource,
natAddrMapStatsAddrUsed,
natInterfacePktsIn,
natInterfacePktsOut }
STATUS current
DESCRIPTION
"A collection of NAT statistics related objects required
to support troubleshooting/monitoring NAT operation."
::= { natMIBGroups 3 }
natMIBNotifConfigGroup OBJECT-GROUP
OBJECTS { natConfAddressRiseThreshold,
natConfAddressFallThreshold }
STATUS current
DESCRIPTION
"A collection of configuration objects required to support
the threshold-based notifications."
::= { natMIBGroups 4 }
natMIBNotificationObjectsGroup OBJECT-GROUP
OBJECTS { natAddrMapName,
natPktDiscardReason }
STATUS current
DESCRIPTION
"A collection of objects required to support NAT
notifications."
::= { natMIBGroups 5 }
natMIBNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS { natAddressUseRising,
natPacketDiscard }
STATUS current
DESCRIPTION
"A collection of notifications which are generated by
devices supporting this MIB."
::= { natMIBGroups 6 }
END
Rohit, Pai, Raghunarayan, Wang [Page 44]
INTERNET-DRAFT NAT MIB September 2001
6. Security Considerations
This MIB contains readable objects whose values provide information
related to nat binds and sessions. Some of these objects could
contain sensitive information e.g. bind information. There are
a number of management objects defined in this MIB that have a
MAX-ACCESS clause of read-write and/or read-create. Such objects
may be considered sensitive or vulnerable in some network
environments.
While unauthorized access to the readable objects may be relatively
innocuous, unauthorized access to the write-able objects could
cause a denial of service, and/or widespread network
disturbance. Hence, the support for SET operations in a non-secure
environment without proper protection can have a negative effect on
network operations.
SNMPv1 by itself is not a secure environment. Even if the network
itself is secure, there is no control as to who on the secure
network is allowed to access and GET/SET (read/change/create/delete)
the objects in this MIB.
It is recommended that the implementors consider the security
features as provided by the SNMPv3 framework. Specifically, the use
of the User-based Security Model RFC 2574 [12] and the View-based
Access Control Model RFC 2575 [15] is recommended.
It is then a customer/user responsibility to ensure that the SNMP
entity giving access to an instance of this MIB, is properly
configured to give access to the objects only to those
principals (users) that have legitimate rights to indeed GET or
SET (change/create/delete) them.
Rohit, Pai, Raghunarayan, Wang [Page 45]
INTERNET-DRAFT NAT MIB September 2001
7. Future Directions
o Support for conditional NAT.
o Provide for protocol specific configuration tables (thereby
providing for extensibility).
o Combine the static and dynamic address map tables (since they
represent similar information).
o The index into the natAddrPortBindProtocol, defined as BITS.
It would make more sense to have this as INTEGER, but that
would require deprecating the existing table and defining a
new one. Further, the BIND table might also require
modifications to support conditional NAT.
o Usage of IpAddress as a datatype in the MIB is no longer
allowed [20]. All occurences of IpAddress need to be replaced
by InetAddressType and InetAddress.
o Revisit the conformance/compliance section to evaluate what's
necessary and what's not.
8. References
[1] Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture
for Describing SNMP Management Frameworks", RFC 2571, April
1999.
[2] Rose, M. and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16,
RFC 1155, May 1990.
[3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16,
RFC 1212, March 1991.
[4] Rose, M., "A Convention for Defining Traps for use with the
SNMP", RFC 1215, March 1991.
[5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Textual Conventions for SMIv2",
STD 58, RFC 2579, April 1999.
[7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M. and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
Rohit, Pai, Raghunarayan, Wang [Page 46]
INTERNET-DRAFT NAT MIB September 2001
[8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple
Network Management Protocol", STD 15, RFC 1157, May 1990.
[9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901, January
1996.
[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996.
[11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management
Protocol (SNMP)", RFC 2572, April 1999.
[12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
for version 3 of the Simple Network Management Protocol
(SNMPv3)", RFC 2574, April 1999.
[13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996.
[14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC
2573, April 1999.
[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
Control Model (VACM) for the Simple Network Management
Protocol (SNMP)", RFC 2575, April 1999.
[16] Bradner, S., "The Internet Standards Process -- Revision 3",
BCP 9, RFC 2026, October 1996.
[17] Srisuresh, P. and Egevang, K., "Traditional IP Network Address
Translator (Traditional NAT)", RFC 3022, January 2001.
[18] Srisuresh, P. and M. Holdrege, "NAT Terminology and
Considerations", RFC 2663, August 1999.
[19] Srisuresh, P., "Framework for interfacing with Network Address
Translator", Work in Progress, November 2000.
[20] Daniele, M., Haberman, B., Routhier, S., Schoenwaelder, J.,
"Textual Conventions for Internet Network Addresses", RFC
2851, June 2000.
9. Acknowledgements
The authors of this memo would like to thank Pyda Srisuresh and
Randy Turner for their valuable contribution to this MIB.
Rohit, Pai, Raghunarayan, Wang [Page 47]
INTERNET-DRAFT NAT MIB September 2001
10. Author's Addresses
Rohit R.
World Wide Packets
115 North Sullivan Road
Veradale, Spokane, WA 99037
Phone: +1 509 242 9320
Email: Rohit.Rohit@worldwidepackets.com
Nalinaksh Pai
Cisco Systems, Inc.
Prestige Waterford
No. 9, Brunton Road
Bangalore - 560 025
India
Phone: +91 80 532 1300 extn. 6354
Email: npai@cisco.com
Rajiv Raghunarayan
Cisco Systems, Inc.
Prestige Waterford
No. 9, Brunton Road
Bangalore - 560 025
India
Phone: +91 80 532 1300 extn. 6314
Email: rrajiv@cisco.com
Cliff Wang
SmartPipes Inc.
Suite 300, 565 Metro Place South
Dublin, OH 43017
Phone: +1 614 923 6241
Email: CWang@smartpipes.com
11. Change History
A record of changes which will be removed before publication.
10 September 2001
o Added the following objects to support notifications:
natConfAddressRiseThreshold, natConfAddressFallThreshold,
natAddrMapName and natPktDiscardReason.
o Following notifications were added (there are still some
unclear parameters though):
natAddressUseRising and natPacketDiscard.
Rohit, Pai, Raghunarayan, Wang [Page 48]
INTERNET-DRAFT NAT MIB September 2001
Full Copyright Statement
"Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph
are included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Rohit, Pai, Raghunarayan, Wang [Page 49]
