An SNMP Application Level Gateway for Payload Address Translation
RFC 2962

Document Type RFC - Informational (October 2000; Errata)
Last updated 2017-03-28
Stream IETF
Network Working Group                                              D. Raz
Request for Comments: 2962                            Lucent Technologies
Category: Informational                                  J. Schoenwaelder
                                                          TU Braunschweig
                                                                 B. Sugla
                                                             ISPSoft Inc.
                                                             October 2000

   An SNMP Application Level Gateway for Payload Address Translation

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2000).  All Rights Reserved.

IESG Note

   This document describes an SNMP application layer gateway (ALG),
   which may be useful in certain environments.  The document does also
   list the issues and problems that can arise when used as a generic
   SNMP ALG.  Specifically, when using SNMPv3's authentication and
   privacy mechanisms this approach may be very problematic and
   jeopardize the SNMP security.  The reader is urged to carefully
   consider these issues before deciding to deploy this type of SNMP
   ALG.

Abstract

   This document describes the ALG (Application Level Gateway) for the
   SNMP (Simple Network Management Protocol) by which IP (Internet
   Protocol) addresses in the payload of SNMP packets are statically
   mapped from one group to another.  The SNMP ALG is a specific case of
   an Application Level Gateway as described in [15].

   An SNMP ALG allows network management stations to manage multiple
   networks that use conflicting IP addresses.  This can be important in
   environments where there is a need to use SNMP with NAT (Network
   Address Translator) in order to manage several potentially
   overlapping addressing realms.

Raz, et al.                  Informational                      [Page 1]
RFC 2962            SNMP Payload Address Translation        October 2000

   This document includes a detailed description of the requirements and
   limitations for an implementation of an SNMP Application Level
   Gateway.  It also discusses other approaches to exchange SNMP packets
   across conflicting addressing realms.
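
   The static payload mapping the abstract describes, sketched as an added example (not code from this RFC or from any implementation of it): it walks the BER encoding of an SNMP message and rewrites only values typed IpAddress. The mapping table, function names and sample message are constructed for illustration; addresses carried in other forms, such as OID sub-identifiers, are left untouched.

```python
import ipaddress

# Constructed static map: address inside the managed realm -> address the manager uses.
STATIC_MAP = {"10.0.0.5": "192.0.2.5"}
IPADDRESS = 0x40  # SMI IpAddress: [APPLICATION 0], always 4 octets

def read_len(buf, pos):
    """Decode a BER definite length at pos; return (length, offset of value)."""
    if pos >= len(buf):
        raise ValueError("truncated TLV")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def translate(buf, mapping, pos=0, end=None):
    """Rewrite mapped IpAddress values in a bytearray in place; return the count."""
    end = len(buf) if end is None else end
    hits = 0
    while pos < end:
        tag = buf[pos]
        length, body = read_len(buf, pos + 1)
        if tag & 0x1F == 0x1F or body + length > end:
            raise ValueError("malformed TLV")
        if tag & 0x20:  # constructed: SEQUENCE or PDU, descend into it
            hits += translate(buf, mapping, body, body + length)
        elif tag == IPADDRESS and length == 4:
            old = str(ipaddress.IPv4Address(bytes(buf[body:body + 4])))
            if old in mapping:  # same length in and out, so no length field changes
                buf[body:body + 4] = ipaddress.IPv4Address(mapping[old]).packed
                hits += 1
        pos = body + length
    return hits

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, enough for the sample

def sample_response(addr):
    """Constructed SNMPv2c Response carrying one IpAddress varbind."""
    oid = bytes.fromhex("2b06010201041501070a000001")  # 1.3.6.1.2.1.4.21.1.7.10.0.0.1
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(IPADDRESS, ipaddress.IPv4Address(addr).packed))
    pdu = tlv(0xA2, tlv(0x02, b"\x00") * 3 + tlv(0x30, varbind))
    return bytearray(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"public") + pdu))

if __name__ == "__main__":
    msg = sample_response("10.0.0.5")
    print(translate(msg, STATIC_MAP), msg.hex())
```

   Because the rewrite changes payload bytes, a gateway doing this on the wire also has to recompute the UDP checksum before forwarding the packet.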

Table of Contents

   1.  Introduction ..................................................2
   2.  Terminology and Concepts Used  ................................5
   3.  Problem Scope and Requirements ................................5
   3.1 IP Addresses in SNMP Messages  ................................6
   3.2 Requirements ..................................................7
   4.  Translating IP Addresses in SNMP Packets ......................7
   4.1 Basic SNMP Application Level Gateway ..........................8
   4.2 Advanced SNMP Application Level Gateway  ......................8
   4.3 Packet Size and UDP Checksum ..................................9
   5.  Limitations and Alternate Solutions  .........................10
   6.  Security Considerations  .....................................12
   7.  Summary and Recommendations  .................................13
   8.  Current Implementations  .....................................14
   9.  Acknowledgments  .............................................14
   10. References ...................................................14
   11. Authors' Addresses ...........................................16
   12. Description of the Encoding of SNMP Packets  .................17
   13. Full Copyright Statement .....................................20

1. Introduction

   The need for IP address translation arises when a network's internal
   IP addresses cannot be used outside the network.  Using basic network
   address translation allows local hosts on such private networks
   (addressing realms) to transparently access the external global
   Internet and enables access to selective local hosts from the
   outside.  In particular, it is not unlikely that several addressing
   realms within the same organization use the same private IPv4
   address space.

   In many of these cases, there is a need to manage the local
   addressing realm from a manager site outside the domain. However,
   managing such a network presents unique problems and challenges.
   Most available management applications use SNMP (Simple Network
   Management Protocol) to retrieve information from the network
   elements.  For example, a router may be queried by the management
   application about the addresses of its neighboring elements.  This
   information is then sent by the router back to the management
   station as part of the payload of an SNMP packet. In order to retain