The IESG has approved the following document:
- 'Definitions of Managed Objects for Network Address Translators (NAT)'
draft-ietf-nat-natmib-09.txt as a Proposed Standard
This document has been reviewed in the IETF but is not the product of an
IETF Working Group.
The IESG contact person is Allison Mankin.
Technical Summary
This document defines a portion of the Management Information Base (MIB) for
devices implementing the Network Address Translator (NAT) function. This MIB
module may be used for configuration of specific aspects of the NAT function
(but in particular, not to configure NAT bindings). Firewall configuration, in
a device that combines NAT and firewall functions, is specifically outside the
scope of this document.
Working Group Summary
Although this document is an individual submission (developed largely after
closure of IETF's NAT working group), it was reviewed by the MIDCOM working
group. A good number of comments were received from MIDCOM participants.
Protocol Quality
This specification was reviewed for the IESG by Allison Mankin, Bert Wijnen,
and Juergen Schoenwaelder, of the MIB Doctors.
RFC Editor Notes
Section 3. Terminology
OLD:
Definitions for majority of the terms used throughout the document
may be found in RFC 2663 [RFC2663]. Additional terms that further
classify NAPT implementations are defined in RFC 3489 [RFC3489].
Listed below are terms used in this document
NEW:
Definitions for majority of the terms used throughout the document
may be found in RFC 2663 [RFC2663]. Additional terms that further
classify NAPT implementations are defined in RFC 3489 [RFC3489].
Listed below are terms used in this document
Address realm - An address realm is a realm of unique network
addresses that are routable within the realm. For example, an
enterprise address realm could be constituted of private IP
addresses in the ranges specified in RFC 1918 [RFC1918], which
are routable within the enterprise, but not across the Internet.
A public realm is constituted of globally unique network
addresses.
[And add RFC 1918 to the Informative References]
---
OLD:
NAT Session - A NAT session is an association between a session
as seen in the private realm and a session as seen in the public
realm, by virtue of NAT translation. If a session in the private
realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
same session in the public realm were to be represented as
(PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
PublicDstPort), the NAT session will provide the translation
glue between the two session representations.
NEW:
NAT Session - A NAT session is an association between a session
as seen in the private realm and a session as seen in the public
realm, by virtue of NAT translation. If a session in the private
realm were to be represented as (PrivateSrcAddr, PrivateDstAddr,
TransportProtocol, PrivateSrcPort, PrivateDstPort) and the
same session in the public realm were to be represented as
(PublicSrcAddr, PublicDstAddr, TransportProtocol, PublicSrcPort,
PublicDstPort), the NAT session will provide the translation
glue between the two session representations. NAT sessions in
the document are restricted to sessions based on TCP and UDP
only. In the future, NAT sessions may be extended to be based
on other transport protocols such as SCTP, UDP-lite and DCCP.
---
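The NAT session definition above pairs a private-realm 5-tuple with its public-realm counterpart and restricts sessions to TCP and UDP. The following is an added example (not text or code from the draft) that models that association as a small NAPT session table: outbound packets create or reuse a session, inbound packets are reverse-translated only when a matching session exists, and other transport protocols are refused. The public address, port-allocation policy and the sample tuples are constructed for illustration.

```python
"""Model of a NAT session: (private 5-tuple) <-> (public 5-tuple).

Added example; the translator, its address and port policy are constructed.
Tuple layout follows the definition: (SrcAddr, DstAddr, TransportProtocol,
SrcPort, DstPort) as seen in the private realm and in the public realm.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TCP, UDP = 6, 17  # IANA protocol numbers; the only transports forming NAT sessions here

Tuple5 = Tuple[str, str, int, int, int]


@dataclass(frozen=True)
class NatSession:
    private: Tuple5  # session as seen in the private realm
    public: Tuple5   # the same session as seen in the public realm


class Napt:
    """Minimal NAPT: one public address, one public port per private session."""

    def __init__(self, public_addr: str, first_port: int = 1024) -> None:
        self.public_addr = public_addr
        self.next_port = first_port            # constructed allocation policy
        self.by_private: Dict[Tuple5, NatSession] = {}
        self.by_public: Dict[Tuple5, NatSession] = {}

    def outbound(self, priv: Tuple5) -> Tuple5:
        """Translate a private-realm tuple; create the session on first use."""
        src, dst, proto, sport, dport = priv
        if proto not in (TCP, UDP):
            raise ValueError(f"transport protocol {proto} does not form a NAT session")
        sess = self.by_private.get(priv)
        if sess is None:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            pub = (self.public_addr, dst, proto, pub_port, dport)
            sess = NatSession(private=priv, public=pub)
            self.by_private[priv] = sess
            self.by_public[pub] = sess
        return sess.public

    def inbound(self, pkt: Tuple5) -> Optional[Tuple5]:
        """Reverse-translate a packet arriving from the public realm.

        The packet is the reply direction of the public-realm session, so its
        tuple is the session's public tuple with source and destination swapped.
        Returns None (drop) when no session exists.
        """
        src, dst, proto, sport, dport = pkt
        sess = self.by_public.get((dst, src, proto, dport, sport))
        if sess is None:
            return None
        psrc, pdst, pproto, psport, pdport = sess.private
        return (pdst, psrc, pproto, pdport, psport)


if __name__ == "__main__":
    nat = Napt("203.0.113.7", first_port=40000)   # constructed public address
    priv = ("10.0.0.5", "198.51.100.9", TCP, 51515, 443)
    print("outbound:", nat.outbound(priv))
    print("inbound :", nat.inbound(("198.51.100.9", "203.0.113.7", TCP, 443, 40000)))
    print("unknown :", nat.inbound(("198.51.100.9", "203.0.113.7", TCP, 443, 40001)))
```

Keying the reverse lookup on the swapped public tuple is what makes an inbound packet reach a host only through a session that host opened; an unsolicited public-realm packet has no entry and is dropped.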
Section 5. Definitions
OLD:
natAddrBindEntry OBJECT-TYPE
SYNTAX NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
Each entry in this table holds information about
an active address BIND. These entries are lost
upon agent restart.
INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
::= { natAddrBindTable 1 }
NEW:
natAddrBindEntry OBJECT-TYPE
SYNTAX NatAddrBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
Each entry in this table holds information about
an active address BIND. These entries are lost
upon agent restart.
This row has indexing which may create variables with
more than 128 subidentifiers. Implementers of this table
must be careful not to create entries that would result
in OIDs which exceed the 128 subidentifier limit.
Otherwise, the information cannot be accessed using
SNMPv1, SNMPv2c or SNMPv3.
INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
::= { natAddrBindTable 1 }
---
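The 128 sub-identifier caveat added to the DESCRIPTION above follows from how the INDEX clause is encoded: ifIndex and natAddrBindLocalAddrType contribute one sub-identifier each, while natAddrBindLocalAddr is a variable-length InetAddress (not IMPLIED), so it contributes its length plus one sub-identifier per octet. The following added example (not code from the draft) applies the index encoding rules of RFC 2578 and RFC 4001 to compute an instance OID for this row and check it against the limit; the column OID it uses is a constructed placeholder, not the real NAT-MIB assignment.

```python
"""Sub-identifier count check for natAddrBindEntry instance OIDs.

Added example. INDEX { ifIndex, natAddrBindLocalAddrType, natAddrBindLocalAddr }
is the clause quoted above; the encoding follows RFC 2578 section 7.7 and the
InetAddressType / InetAddress definitions of RFC 4001.
"""
import ipaddress
from typing import List, Sequence

MAX_SUBIDS = 128  # limit for SNMPv1, SNMPv2c and SNMPv3 named in the DESCRIPTION

# InetAddressType enumeration values (RFC 4001).
IPV4, IPV6, IPV4Z, IPV6Z, DNS = 1, 2, 3, 4, 16
FIXED_LENGTHS = {IPV4: 4, IPV6: 16, IPV4Z: 8, IPV6Z: 20}  # octets per type

# Constructed placeholder column OID (assumption: the real value comes from
# the MIB module's OBJECT IDENTIFIER assignments, not from this example).
EXAMPLE_COLUMN_OID = [1, 3, 6, 1, 2, 1, 99999, 1, 1, 1, 1]


def packed(addr: str) -> bytes:
    """Network-order octets of an IPv4 or IPv6 address string."""
    return ipaddress.ip_address(addr).packed


def encode_index(if_index: int, addr_type: int, addr: bytes) -> List[int]:
    """Index sub-identifiers for this row.

    ifIndex (InterfaceIndex, 1..2147483647) and InetAddressType are integers,
    one sub-identifier each.  InetAddress is a variable-length OCTET STRING
    without IMPLIED, so its length precedes one sub-identifier per octet.
    """
    if not 1 <= if_index <= 2147483647:
        raise ValueError("ifIndex out of range")
    if addr_type in FIXED_LENGTHS:
        if len(addr) != FIXED_LENGTHS[addr_type]:
            raise ValueError(f"type {addr_type} requires {FIXED_LENGTHS[addr_type]} octets")
    elif addr_type == DNS:
        if not 1 <= len(addr) <= 255:
            raise ValueError("dns address must be 1..255 octets")
    else:
        raise ValueError(f"unsupported InetAddressType {addr_type}")
    return [if_index, addr_type, len(addr)] + list(addr)


def instance_oid(column_oid: Sequence[int], if_index: int,
                 addr_type: int, addr: bytes) -> List[int]:
    """Full instance OID: column OID followed by the encoded index."""
    return list(column_oid) + encode_index(if_index, addr_type, addr)


def fits_snmp_limit(oid: Sequence[int]) -> bool:
    """True when the OID can be carried by SNMPv1/v2c/v3."""
    return len(oid) <= MAX_SUBIDS


def max_address_octets(column_oid_len: int) -> int:
    """Largest natAddrBindLocalAddr length that keeps the instance OID within
    the limit: column OID + ifIndex(1) + type(1) + length(1) + N octets."""
    return MAX_SUBIDS - column_oid_len - 3


if __name__ == "__main__":
    col = EXAMPLE_COLUMN_OID
    for label, atype, addr in [
        ("ipv4", IPV4, packed("192.0.2.10")),       # constructed sample address
        ("ipv6", IPV6, packed("2001:db8::1")),      # constructed sample address
        ("dns",  DNS,  b"a" * 120),                 # constructed long dns name
    ]:
        oid = instance_oid(col, 3, atype, addr)
        print(f"{label}: {len(oid)} sub-identifiers, fits={fits_snmp_limit(oid)}")
    print("max dns octets for this column:", max_address_octets(len(col)))
```

With an 11 sub-identifier column OID, fixed-length ipv4 and ipv6 indices are far below the limit; only dns-typed addresses, which may be up to 255 octets, can push a row past 128, which is why the DESCRIPTION warns implementers rather than the MIB constraining the index itself.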
OLD:
natAddrBindLocalAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
This object represents the private-realm specific network
layer address, which maps to