RFC 4293
Management Information Base for the Internet Protocol (IP)
ipSystemStatsGroup OBJECT-GROUP
OBJECTS { ipSystemStatsInReceives,
ipSystemStatsInOctets,
ipSystemStatsInHdrErrors,
ipSystemStatsInNoRoutes,
ipSystemStatsInAddrErrors,
ipSystemStatsInUnknownProtos,
ipSystemStatsInTruncatedPkts,
ipSystemStatsInForwDatagrams,
ipSystemStatsReasmReqds,
ipSystemStatsReasmOKs,
ipSystemStatsReasmFails,
ipSystemStatsInDiscards,
ipSystemStatsInDelivers,
ipSystemStatsOutRequests,
ipSystemStatsOutNoRoutes,
ipSystemStatsOutForwDatagrams,
ipSystemStatsOutDiscards,
ipSystemStatsOutFragReqds,
ipSystemStatsOutFragOKs,
ipSystemStatsOutFragFails,
ipSystemStatsOutFragCreates,
ipSystemStatsOutTransmits,
ipSystemStatsOutOctets,
ipSystemStatsInMcastPkts,
ipSystemStatsInMcastOctets,
ipSystemStatsOutMcastPkts,
ipSystemStatsOutMcastOctets,
ipSystemStatsDiscontinuityTime,
ipSystemStatsRefreshRate }
STATUS current
DESCRIPTION
"IP system wide statistics."
::= { ipMIBGroups 8 }
ipv4SystemStatsGroup OBJECT-GROUP
OBJECTS { ipSystemStatsInBcastPkts, ipSystemStatsOutBcastPkts }
STATUS current
DESCRIPTION
"IPv4 only system wide statistics."
::= { ipMIBGroups 9 }
ipSystemStatsHCOctetGroup OBJECT-GROUP
OBJECTS { ipSystemStatsHCInOctets,
ipSystemStatsHCOutOctets,
ipSystemStatsHCInMcastOctets,
ipSystemStatsHCOutMcastOctets
}
STATUS current
DESCRIPTION
"IP system wide statistics for systems that may overflow the
standard octet counters within 1 hour."
::= { ipMIBGroups 10 }
ipSystemStatsHCPacketGroup OBJECT-GROUP
OBJECTS { ipSystemStatsHCInReceives,
ipSystemStatsHCInForwDatagrams,
ipSystemStatsHCInDelivers,
ipSystemStatsHCOutRequests,
ipSystemStatsHCOutForwDatagrams,
ipSystemStatsHCOutTransmits,
ipSystemStatsHCInMcastPkts,
ipSystemStatsHCOutMcastPkts
}
STATUS current
DESCRIPTION
"IP system wide statistics for systems that may overflow the
standard packet counters within 1 hour."
::= { ipMIBGroups 11 }
ipv4SystemStatsHCPacketGroup OBJECT-GROUP
OBJECTS { ipSystemStatsHCInBcastPkts,
ipSystemStatsHCOutBcastPkts }
STATUS current
DESCRIPTION
"IPv4 only system wide statistics for systems that may
overflow the standard packet counters within 1 hour."
::= { ipMIBGroups 12 }
ipIfStatsGroup OBJECT-GROUP
OBJECTS { ipIfStatsInReceives, ipIfStatsInOctets,
ipIfStatsInHdrErrors, ipIfStatsInNoRoutes,
ipIfStatsInAddrErrors, ipIfStatsInUnknownProtos,
ipIfStatsInTruncatedPkts, ipIfStatsInForwDatagrams,
ipIfStatsReasmReqds, ipIfStatsReasmOKs,
ipIfStatsReasmFails, ipIfStatsInDiscards,
ipIfStatsInDelivers, ipIfStatsOutRequests,
ipIfStatsOutForwDatagrams, ipIfStatsOutDiscards,
ipIfStatsOutFragReqds, ipIfStatsOutFragOKs,
ipIfStatsOutFragFails, ipIfStatsOutFragCreates,
ipIfStatsOutTransmits, ipIfStatsOutOctets,
ipIfStatsInMcastPkts, ipIfStatsInMcastOctets,
ipIfStatsOutMcastPkts, ipIfStatsOutMcastOctets,
ipIfStatsDiscontinuityTime, ipIfStatsRefreshRate }
STATUS current
DESCRIPTION
"IP per-interface statistics."
::= { ipMIBGroups 13 }
ipv4IfStatsGroup OBJECT-GROUP
OBJECTS { ipIfStatsInBcastPkts, ipIfStatsOutBcastPkts }
STATUS current
DESCRIPTION
"IPv4 only per-interface statistics."
::= { ipMIBGroups 14 }
ipIfStatsHCOctetGroup OBJECT-GROUP
OBJECTS { ipIfStatsHCInOctets, ipIfStatsHCOutOctets,
ipIfStatsHCInMcastOctets, ipIfStatsHCOutMcastOctets }
STATUS current
DESCRIPTION
"IP per-interfaces statistics for systems that include
interfaces that may overflow the standard octet
counters within 1 hour."
::= { ipMIBGroups 15 }
ipIfStatsHCPacketGroup OBJECT-GROUP
OBJECTS { ipIfStatsHCInReceives, ipIfStatsHCInForwDatagrams,
ipIfStatsHCInDelivers, ipIfStatsHCOutRequests,
ipIfStatsHCOutForwDatagrams, ipIfStatsHCOutTransmits,
ipIfStatsHCInMcastPkts, ipIfStatsHCOutMcastPkts }
STATUS current
DESCRIPTION
"IP per-interfaces statistics for systems that include
interfaces that may overflow the standard packet counters
within 1 hour."
::= { ipMIBGroups 16 }
ipv4IfStatsHCPacketGroup OBJECT-GROUP
OBJECTS { ipIfStatsHCInBcastPkts, ipIfStatsHCOutBcastPkts }
STATUS current
DESCRIPTION
"IPv4 only per-interface statistics for systems that include
interfaces that may overflow the standard packet counters
within 1 hour."
::= { ipMIBGroups 17 }
ipAddressPrefixGroup OBJECT-GROUP
OBJECTS { ipAddressPrefixOrigin,
ipAddressPrefixOnLinkFlag,
ipAddressPrefixAutonomousFlag,
ipAddressPrefixAdvPreferredLifetime,
ipAddressPrefixAdvValidLifetime }
STATUS current
DESCRIPTION
"The group of objects for providing information about address
prefixes used by this node."
::= { ipMIBGroups 18 }
ipAddressGroup OBJECT-GROUP
OBJECTS { ipAddressSpinLock, ipAddressIfIndex,
ipAddressType, ipAddressPrefix,
ipAddressOrigin, ipAddressStatus,
ipAddressCreated, ipAddressLastChanged,
ipAddressRowStatus, ipAddressStorageType }
STATUS current
DESCRIPTION
"The group of objects for providing information about the
addresses relevant to this entity's interfaces."
::= { ipMIBGroups 19 }
ipNetToPhysicalGroup OBJECT-GROUP
OBJECTS { ipNetToPhysicalPhysAddress, ipNetToPhysicalLastUpdated,
ipNetToPhysicalType, ipNetToPhysicalState,
ipNetToPhysicalRowStatus }
STATUS current
DESCRIPTION
"The group of objects for providing information about the
mappings of network address to physical address known to
this node."
::= { ipMIBGroups 20 }
ipv6ScopeGroup OBJECT-GROUP
OBJECTS { ipv6ScopeZoneIndexLinkLocal,
ipv6ScopeZoneIndex3,
ipv6ScopeZoneIndexAdminLocal,
ipv6ScopeZoneIndexSiteLocal,
ipv6ScopeZoneIndex6,
ipv6ScopeZoneIndex7,
ipv6ScopeZoneIndexOrganizationLocal,
ipv6ScopeZoneIndex9,
ipv6ScopeZoneIndexA,
ipv6ScopeZoneIndexB,
ipv6ScopeZoneIndexC,
ipv6ScopeZoneIndexD }
STATUS current
DESCRIPTION
"The group of objects for managing IPv6 scope zones."
::= { ipMIBGroups 21 }
ipDefaultRouterGroup OBJECT-GROUP
OBJECTS { ipDefaultRouterLifetime, ipDefaultRouterPreference }
STATUS current
DESCRIPTION
"The group of objects for providing information about default
routers known to this node."
::= { ipMIBGroups 22 }
ipv6RouterAdvertGroup OBJECT-GROUP
OBJECTS { ipv6RouterAdvertSpinLock,
ipv6RouterAdvertSendAdverts,
ipv6RouterAdvertMaxInterval,
ipv6RouterAdvertMinInterval,
ipv6RouterAdvertManagedFlag,
ipv6RouterAdvertOtherConfigFlag,
ipv6RouterAdvertLinkMTU,
ipv6RouterAdvertReachableTime,
ipv6RouterAdvertRetransmitTime,
ipv6RouterAdvertCurHopLimit,
ipv6RouterAdvertDefaultLifetime,
ipv6RouterAdvertRowStatus
}
STATUS current
DESCRIPTION
"The group of objects for controlling information advertised
by IPv6 routers."
::= { ipMIBGroups 23 }
icmpStatsGroup OBJECT-GROUP
OBJECTS {icmpStatsInMsgs, icmpStatsInErrors,
icmpStatsOutMsgs, icmpStatsOutErrors,
icmpMsgStatsInPkts, icmpMsgStatsOutPkts }
STATUS current
DESCRIPTION
"The group of objects providing ICMP statistics."
::= { ipMIBGroups 24 }
--
-- Deprecated objects
--
ipInReceives OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The total number of input datagrams received from
interfaces, including those received in error.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInRecieves."
::= { ip 3 }
ipInHdrErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of input datagrams discarded due to errors in
their IPv4 headers, including bad checksums, version number
mismatch, other format errors, time-to-live exceeded, errors
discovered in processing their IPv4 options, etc.
This object has been deprecated as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInHdrErrors."
::= { ip 4 }
ipInAddrErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of input datagrams discarded because the IPv4
address in their IPv4 header's destination field was not a
valid address to be received at this entity. This count
includes invalid addresses (e.g., 0.0.0.0) and addresses of
unsupported Classes (e.g., Class E). For entities which are
not IPv4 routers, and therefore do not forward datagrams,
this counter includes datagrams discarded because the
destination address was not a local address.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInAddrErrors."
::= { ip 5 }
ipForwDatagrams OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of input datagrams for which this entity was not
their final IPv4 destination, as a result of which an
attempt was made to find a route to forward them to that
final destination. In entities which do not act as IPv4
routers, this counter will include only those packets which
were Source-Routed via this entity, and the Source-Route
option processing was successful.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInForwDatagrams."
::= { ip 6 }
ipInUnknownProtos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of locally-addressed datagrams received
successfully but discarded because of an unknown or
unsupported protocol.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInUnknownProtos."
::= { ip 7 }
ipInDiscards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of input IPv4 datagrams for which no problems
were encountered to prevent their continued processing, but
which were discarded (e.g., for lack of buffer space). Note
that this counter does not include any datagrams discarded
while awaiting re-assembly.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsInDiscards."
::= { ip 8 }
ipInDelivers OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The total number of input datagrams successfully delivered
to IPv4 user-protocols (including ICMP).
This object has been deprecated as a new IP version neutral
table has been added. It is loosely replaced by
ipSystemStatsIndelivers."
::= { ip 9 }
ipOutRequests OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The total number of IPv4 datagrams which local IPv4 user
protocols (including ICMP) supplied to IPv4 in requests for
transmission. Note that this counter does not include any
datagrams counted in ipForwDatagrams.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsOutRequests."
::= { ip 10 }
ipOutDiscards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of output IPv4 datagrams for which no problem was
encountered to prevent their transmission to their
destination, but which were discarded (e.g., for lack of
buffer space). Note that this counter would include
datagrams counted in ipForwDatagrams if any such packets met
this (discretionary) discard criterion.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsOutDiscards."
::= { ip 11 }
ipOutNoRoutes OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 datagrams discarded because no route
could be found to transmit them to their destination. Note
that this counter includes any packets counted in
ipForwDatagrams which meet this `no-route' criterion. Note
that this includes any datagrams which a host cannot route
because all of its default routers are down.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsOutNoRoutes."
::= { ip 12 }
ipReasmReqds OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 fragments received which needed to be
reassembled at this entity.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsReasmReqds."
::= { ip 14 }
ipReasmOKs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 datagrams successfully re-assembled.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsReasmOKs."
::= { ip 15 }
ipReasmFails OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of failures detected by the IPv4 re-assembly
algorithm (for whatever reason: timed out, errors, etc).
Note that this is not necessarily a count of discarded IPv4
fragments since some algorithms (notably the algorithm in
RFC 815) can lose track of the number of fragments by
combining them as they are received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsReasmFails."
::= { ip 16 }
ipFragOKs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 datagrams that have been successfully
fragmented at this entity.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsOutFragOKs."
::= { ip 17 }
ipFragFails OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 datagrams that have been discarded
because they needed to be fragmented at this entity but
could not be, e.g., because their Don't Fragment flag was
set.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
ipSystemStatsOutFragFails."
::= { ip 18 }
ipFragCreates OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of IPv4 datagram fragments that have been
generated as a result of fragmentation at this entity.
This object has been deprecated as a new IP version neutral
table has been added. It is loosely replaced by
ipSystemStatsOutFragCreates."
::= { ip 19 }
ipRoutingDiscards OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of routing entries which were chosen to be
discarded even though they are valid. One possible reason
for discarding such an entry could be to free-up buffer
space for other routing entries.
This object was defined in pre-IPv6 versions of the IP MIB.
It was implicitly IPv4 only, but the original specifications
did not indicate this protocol restriction. In order to
clarify the specifications, this object has been deprecated
and a similar, but more thoroughly clarified, object has
been added to the IP-FORWARD-MIB."
::= { ip 23 }
-- the deprecated IPv4 address table
ipAddrTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpAddrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The table of addressing information relevant to this
entity's IPv4 addresses.
This table has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by the
ipAddressTable although several objects that weren't deemed
useful weren't carried forward while another
(ipAdEntReasmMaxSize) was moved to the ipv4InterfaceTable."
::= { ip 20 }
ipAddrEntry OBJECT-TYPE
SYNTAX IpAddrEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The addressing information for one of this entity's IPv4
addresses."
INDEX { ipAdEntAddr }
::= { ipAddrTable 1 }
IpAddrEntry ::= SEQUENCE {
ipAdEntAddr IpAddress,
ipAdEntIfIndex INTEGER,
ipAdEntNetMask IpAddress,
ipAdEntBcastAddr INTEGER,
ipAdEntReasmMaxSize INTEGER
}
ipAdEntAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The IPv4 address to which this entry's addressing
information pertains."
::= { ipAddrEntry 1 }
ipAdEntIfIndex OBJECT-TYPE
SYNTAX INTEGER (1..2147483647)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The index value which uniquely identifies the interface to
which this entry is applicable. The interface identified by
a particular value of this index is the same interface as
identified by the same value of the IF-MIB's ifIndex."
::= { ipAddrEntry 2 }
ipAdEntNetMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The subnet mask associated with the IPv4 address of this
entry. The value of the mask is an IPv4 address with all
the network bits set to 1 and all the hosts bits set to 0."
::= { ipAddrEntry 3 }
ipAdEntBcastAddr OBJECT-TYPE
SYNTAX INTEGER (0..1)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The value of the least-significant bit in the IPv4 broadcast
address used for sending datagrams on the (logical)
interface associated with the IPv4 address of this entry.
For example, when the Internet standard all-ones broadcast
address is used, the value will be 1. This value applies to
both the subnet and network broadcast addresses used by the
entity on this (logical) interface."
::= { ipAddrEntry 4 }
ipAdEntReasmMaxSize OBJECT-TYPE
SYNTAX INTEGER (0..65535)
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The size of the largest IPv4 datagram which this entity can
re-assemble from incoming IPv4 fragmented datagrams received
on this interface."
::= { ipAddrEntry 5 }
-- the deprecated IPv4 Address Translation table
-- The Address Translation tables contain the IpAddress to
-- "physical" address equivalences. Some interfaces do not
-- use translation tables for determining address
-- equivalences (e.g., DDN-X.25 has an algorithmic method);
-- if all interfaces are of this type, then the Address
-- Translation table is empty, i.e., has zero entries.
ipNetToMediaTable OBJECT-TYPE
SYNTAX SEQUENCE OF IpNetToMediaEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"The IPv4 Address Translation table used for mapping from
IPv4 addresses to physical addresses.
This table has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by the
ipNetToPhysicalTable."
::= { ip 22 }
ipNetToMediaEntry OBJECT-TYPE
SYNTAX IpNetToMediaEntry
MAX-ACCESS not-accessible
STATUS deprecated
DESCRIPTION
"Each entry contains one IpAddress to `physical' address
equivalence."
INDEX { ipNetToMediaIfIndex,
ipNetToMediaNetAddress }
::= { ipNetToMediaTable 1 }
IpNetToMediaEntry ::= SEQUENCE {
ipNetToMediaIfIndex INTEGER,
ipNetToMediaPhysAddress PhysAddress,
ipNetToMediaNetAddress IpAddress,
ipNetToMediaType INTEGER
}
ipNetToMediaIfIndex OBJECT-TYPE
SYNTAX INTEGER (1..2147483647)
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"The interface on which this entry's equivalence is
effective. The interface identified by a particular value
of this index is the same interface as identified by the
same value of the IF-MIB's ifIndex.
This object predates the rule limiting index objects to a
max access value of 'not-accessible' and so continues to use
a value of 'read-create'."
::= { ipNetToMediaEntry 1 }
ipNetToMediaPhysAddress OBJECT-TYPE
SYNTAX PhysAddress (SIZE(0..65535))
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"The media-dependent `physical' address. This object should
return 0 when this entry is in the 'incomplete' state.
As the entries in this table are typically not persistent
when this object is written the entity should not save the
change to non-volatile storage. Note: a stronger
requirement is not used because this object was previously
defined."
::= { ipNetToMediaEntry 2 }
ipNetToMediaNetAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"The IpAddress corresponding to the media-dependent
`physical' address.
This object predates the rule limiting index objects to a
max access value of 'not-accessible' and so continues to use
a value of 'read-create'."
::= { ipNetToMediaEntry 3 }
ipNetToMediaType OBJECT-TYPE
SYNTAX INTEGER {
other(1), -- none of the following
invalid(2), -- an invalidated mapping
dynamic(3),
static(4)
}
MAX-ACCESS read-create
STATUS deprecated
DESCRIPTION
"The type of mapping.
Setting this object to the value invalid(2) has the effect
of invalidating the corresponding entry in the
ipNetToMediaTable. That is, it effectively dis-associates
the interface identified with said entry from the mapping
identified with said entry. It is an implementation-
specific matter as to whether the agent removes an
invalidated entry from the table. Accordingly, management
stations must be prepared to receive tabular information
from agents that corresponds to entries not currently in
use. Proper interpretation of such entries requires
examination of the relevant ipNetToMediaType object.
As the entries in this table are typically not persistent
when this object is written the entity should not save the
change to non-volatile storage. Note: a stronger
requirement is not used because this object was previously
defined."
::= { ipNetToMediaEntry 4 }
-- the deprecated ICMP group
icmpInMsgs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The total number of ICMP messages which the entity received.
Note that this counter includes all those counted by
icmpInErrors.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
icmpStatsInMsgs."
::= { icmp 1 }
icmpInErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP messages which the entity received but
determined as having ICMP-specific errors (bad ICMP
checksums, bad length, etc.).
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
icmpStatsInErrors."
::= { icmp 2 }
icmpInDestUnreachs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Destination Unreachable messages
received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 3 }
icmpInTimeExcds OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Time Exceeded messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 4 }
icmpInParmProbs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Parameter Problem messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 5 }
icmpInSrcQuenchs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Source Quench messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 6 }
icmpInRedirects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Redirect messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 7 }
icmpInEchos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Echo (request) messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 8 }
icmpInEchoReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Echo Reply messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 9 }
icmpInTimestamps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Timestamp (request) messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 10 }
icmpInTimestampReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Timestamp Reply messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 11 }
icmpInAddrMasks OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Address Mask Request messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 12 }
icmpInAddrMaskReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Address Mask Reply messages received.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 13 }
icmpOutMsgs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The total number of ICMP messages which this entity
attempted to send. Note that this counter includes all
those counted by icmpOutErrors.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
icmpStatsOutMsgs."
::= { icmp 14 }
icmpOutErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP messages which this entity did not send
due to problems discovered within ICMP, such as a lack of
buffers. This value should not include errors discovered
outside the ICMP layer, such as the inability of IP to route
the resultant datagram. In some implementations, there may
be no types of error which contribute to this counter's
value.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by
icmpStatsOutErrors."
::= { icmp 15 }
icmpOutDestUnreachs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Destination Unreachable messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 16 }
icmpOutTimeExcds OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Time Exceeded messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 17 }
icmpOutParmProbs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Parameter Problem messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 18 }
icmpOutSrcQuenchs OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Source Quench messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 19 }
icmpOutRedirects OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Redirect messages sent. For a host, this
object will always be zero, since hosts do not send
redirects.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 20 }
icmpOutEchos OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Echo (request) messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 21 }
icmpOutEchoReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Echo Reply messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 22 }
icmpOutTimestamps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Timestamp (request) messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 23 }
icmpOutTimestampReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Timestamp Reply messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 24 }
icmpOutAddrMasks OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Address Mask Request messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 25 }
icmpOutAddrMaskReps OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS deprecated
DESCRIPTION
"The number of ICMP Address Mask Reply messages sent.
This object has been deprecated, as a new IP version-neutral
table has been added. It is loosely replaced by a column in
the icmpMsgStatsTable."
::= { icmp 26 }
-- deprecated conformance information
-- deprecated compliance statements
ipMIBCompliance MODULE-COMPLIANCE
STATUS deprecated
DESCRIPTION
"The compliance statement for systems that implement only
IPv4. For version-independence, this compliance statement
is deprecated in favor of ipMIBCompliance2."
MODULE -- this module
MANDATORY-GROUPS { ipGroup,
icmpGroup }
::= { ipMIBCompliances 1 }
-- deprecated units of conformance
ipGroup OBJECT-GROUP
OBJECTS { ipForwarding, ipDefaultTTL,
ipInReceives, ipInHdrErrors,
ipInAddrErrors, ipForwDatagrams,
ipInUnknownProtos, ipInDiscards,
ipInDelivers, ipOutRequests,
ipOutDiscards, ipOutNoRoutes,
ipReasmTimeout, ipReasmReqds,
ipReasmOKs, ipReasmFails,
ipFragOKs, ipFragFails,
ipFragCreates, ipAdEntAddr,
ipAdEntIfIndex, ipAdEntNetMask,
ipAdEntBcastAddr, ipAdEntReasmMaxSize,
ipNetToMediaIfIndex, ipNetToMediaPhysAddress,
ipNetToMediaNetAddress, ipNetToMediaType,
ipRoutingDiscards
}
STATUS deprecated
DESCRIPTION
"The ip group of objects providing for basic management of IP
entities, exclusive of the management of IP routes.
As part of the version independence, this group has been
deprecated. "
::= { ipMIBGroups 1 }
icmpGroup OBJECT-GROUP
OBJECTS { icmpInMsgs, icmpInErrors,
icmpInDestUnreachs, icmpInTimeExcds,
icmpInParmProbs, icmpInSrcQuenchs,
icmpInRedirects, icmpInEchos,
icmpInEchoReps, icmpInTimestamps,
icmpInTimestampReps, icmpInAddrMasks,
icmpInAddrMaskReps, icmpOutMsgs,
icmpOutErrors, icmpOutDestUnreachs,
icmpOutTimeExcds, icmpOutParmProbs,
icmpOutSrcQuenchs, icmpOutRedirects,
icmpOutEchos, icmpOutEchoReps,
icmpOutTimestamps, icmpOutTimestampReps,
icmpOutAddrMasks, icmpOutAddrMaskReps }
STATUS deprecated
DESCRIPTION
"The icmp group of objects providing ICMP statistics.
As part of the version independence, this group has been
deprecated. "
::= { ipMIBGroups 2 }
END
6. Previous Work
This document contains objects modified from RFC 1213 [11], RFC 2011
[12], RFC 2465 [13], and RFC 2466 [14].
7. References
7.1. Normative References
[1] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Structure of
Management Information Version 2 (SMIv2)", STD 58, RFC 2578,
April 1999.
[2] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Textual
Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[3] McCloghrie, K., Perkins, D., and J. Schoenwaelder, "Conformance
Statements for SMIv2", STD 58, RFC 2580, April 1999.
[4] Narten, T., Nordmark, E., and W. Simpson, "Neighbor Discovery for IP Version 6 (IPv6)", RFC 2461, December 1998. [5] Thomson, S. and T. Narten, "IPv6 Stateless Address Autoconfiguration", RFC 2462, December 1998. [6] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000. [7] Daniele, M., Haberman, B., Routhier, S., and J. Schoenwaelder, "Textual Conventions for Internet Network Addresses", RFC 4001, February 2005. [8] Draves, R. and D. Thaler, "Default Router Preferences and More- Specific Routes", RFC 4191, November 2005.7.2. Informative References
[9] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction and Applicability Statements for Internet-Standard Management Framework", RFC 3410, December 2002. [10] Plummer, D., "Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware", STD 37, RFC 826, November 1982. [11] McCloghrie, K. and M. Rose, "Management Information Base for Network Management of TCP/IP-based internets:MIB-II", STD 17, RFC 1213, March 1991. [12] McCloghrie, K., "SNMPv2 Management Information Base for the Internet Protocol using SMIv2", RFC 2011, November 1996. [13] Haskin, D. and S. Onishi, "Management Information Base for IP Version 6: Textual Conventions and General Group", RFC 2465, December 1998. [14] Haskin, D. and S. Onishi, "Management Information Base for IP Version 6: ICMPv6 Group", RFC 2466, December 1998. [15] Narten, T. and R. Draves, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", RFC 3041, January 2001. [16] Haberman, B., "IP Forwarding Table MIB", RFC 4292, April 2006.
[17] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006.8. Security Considerations
There are a number of management objects defined in this MIB module with a MAX-ACCESS clause of read-write and/or read-create. Such objects may be considered sensitive or vulnerable in some network environments. The support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations. These are the tables and objects and their sensitivity/vulnerability: ipForwarding and ipv6IpForwarding - these objects allow a manager to enable or disable the routing functions on the entity. By disabling the routing functions, an attacker would possibly be able to deny service to users. By enabling the routing functions, an attacker could open a conduit into an area. This might result in the area providing transit for packets it shouldn't or might allow the attacker access to the area bypassing security safeguards. ipDefaultTTL and ipv6IpDefaultHopLimit - these objects allow a manager to determine the diameter of the valid area for a packet. By decreasing the value of these objects, an attacker could cause packets to be discarded before reaching their destinations. ipv4InterfaceEnableStatus and ipv6InterfaceEnableStatus - these objects allow a manager to enable or disable IPv4 and IPv6 on a specific interface. By enabling a protocol on an interface, an attacker might be able to create an unsecured path into a node (or through it if routing is also enabled). By disabling a protocol on an interface, an attacker might be able to force packets to be routed through some other interface or deny access to some or all of the network via that protocol. ipAddressTable - the objects in this table specify the addresses in use on this node. By modifying this information, an attacker can cause a node to either ignore messages destined to it or accept (at least at the IP layer) messages it would otherwise ignore. The use of filtering or security associations may reduce the potential damage in the latter case. ipv6RouterAdvertTable - the objects in this table specify the information that a router should propagate in its routing advertisement messages. By modifying this information, an attacker can interfere with the auto-configuration of all hosts on the link. Most modifications to this table will result in a
denial of service to some or all hosts on the link. However two
objects, ipv6RouterAdvertManagedFlag and
ipv6RouterAdvertOtherConfigFlag, indicate if a host should acquire
configuration information from some other source. By enabling
these, an attacker might be able to cause a host to retrieve its
configuration information from a compromised source.
ipNetToPhysicalPhysAddress and ipNetToPhysicalType - these objects
specify information used to translate a network (IP) address into
a media dependent address. By modifying these objects, an
attacker could disable communication with a node or divert
messages from one node to another. However, the attacker may be
able to carry out a similar attack by simply responding to the ARP
or ND request made by the target node.
Some of the readable objects in this MIB module (i.e., objects with a
MAX-ACCESS other than not-accessible) may be considered sensitive or
vulnerable in some network environments. It is thus important to
control even GET access to these objects and possibly to even encrypt
the values of these objects when sending them over the network via
SNMP.
These are the tables and objects and their sensitivity/vulnerability:
Essentially, all of the objects in this MIB could be considered
sensitive as they report on the status of the IP modules within a
system. However, the ipSystemStatsTable, ipIfStatsTable, and
ipAddressTable are likely to be of most interest to an attacker.
The statistics tables supply information about the quantity and
type of traffic this node is processing and, especially for
transit providers, may be considered sensitive. The address table
provides a convenient list of all addresses in use by this node.
Each address in isolation is unremarkable, however, the total list
would allow an attacker to correlate otherwise unrelated traffic.
For example, an attacker might be able to correlate an RFC 3041
[15] private address with known public addresses, thus
circumventing the intentions of RFC 3041.
SNMP versions prior to SNMPv3 did not include adequate security.
Even if the network itself is secure (for example by using IPSec),
even then, there is no control as to who on the secure network is
allowed to access and GET/SET (read/change/create/delete) the objects
in this MIB module.
It is RECOMMENDED that implementers consider the security features as
provided by the SNMPv3 framework (see [9], section 8), including full
support for the SNMPv3 cryptographic mechanisms (for authentication
and privacy).
Further, deployment of SNMP versions prior to SNMPv3 is NOT RECOMMENDED. Instead, it is RECOMMENDED to deploy SNMPv3 and to enable cryptographic security. It is then a customer/operator responsibility to ensure that the SNMP entity giving access to an instance of this MIB module, is properly configured to give access to the objects only to those principals (users) that have legitimate rights to indeed GET or SET (change/create/delete) them.9. Acknowledgements
Reviews and other contributions were made by: Dario Acornero, Cisco Systems Mike MacFaden, VMWare Keith McCloghrie, Cisco Systems Juergen Schoenwalder, TU Braunschweig Margaret Wasserman, Devicescape10. Authors
This document was written by the IPv6 MIB revision design team: Bill Fenner, AT&T Labs -- Research EMail: fenner@research.att.com Brian Haberman EMail: brian@innovationslab.net Shawn A. Routhier EMail: sar@iwl.com Dave Thaler, Microsoft EMail: dthaler@microsoft.com This document updates parts of the MIBs from several other documents. RFC 2011 is the previous update to the IP MIB. RFC 2465 and RFC 2466 are the first versions that specified IPv6 addresses and information. RFC 2011: Keith McCloghrie, Cisco Systems (Editor) RFC 2465 and RFC 2466: Dimitry Haskin, Bay Networks Steve Onishi, Bay Networks
Editor's Contact Information
Shawn A. Routhier Interworking Labs 108 Whispering Pines Dr. Suite 235 Scotts Valley, CA 95066 USA EMail: sar@iwl.com
Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgement Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).