Internet Engineering Task Force (IETF)                      S. Perreault
Request for Comments: 7658                           Jive Communications
Obsoletes: 4008                                                  T. Tsou
Category: Standards Track                            Huawei Technologies
ISSN: 2070-1721                                             S. Sivakumar
                                                           Cisco Systems
                                                               T. Taylor
                                                    PT Taylor Consulting
                                                            October 2015

Deprecation of MIB Module NAT-MIB: Managed Objects for Network Address Translators (NATs)

Abstract
This memo deprecates MIB module NAT-MIB, a portion of the Management Information Base (MIB) previously defined in RFC 4008 for devices implementing Network Address Translator (NAT) function. A companion document defines a new version, NATV2-MIB, which responds to deficiencies found in module NAT-MIB and adds new capabilities. This document obsoletes RFC 4008. All MIB objects specified in RFC 4008 are included in this version unchanged with only the STATUS changed to deprecated.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7658.
Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents
   1. Introduction
   2. The Internet-Standard Management Framework
   3. Motivation For Deprecating NAT-MIB
      3.1. Deprecated Features
      3.2. Desirable New Features
   4. Definitions
   5. Security Considerations
   6. IANA Considerations
   7. References
      7.1. Normative References
      7.2. Informative References
   Authors' Addresses

1. Introduction
This memo deprecates a portion of the Management Information Base (MIB), MIB module NAT-MIB, for devices implementing the Network Address Translator (NAT) function. New implementations are encouraged to base themselves upon the second version of this MIB module, NATV2-MIB, defined in [RFC7659].

NAT types and their characteristics are defined in [RFC2663]. Traditional NAT function, in particular, is defined in [RFC3022].

Neither NAT-MIB nor NATV2-MIB addresses firewall functions, and neither can be used for configuring or monitoring them.

Section 2 provides references to the Simple Network Management Protocol (SNMP) management framework, which was used as the basis for the original MIB module definition and its deprecation. Section 3 provides motivation for the deprecation of module NAT-MIB and its replacement by module NATV2-MIB. Section 4 has the complete NAT-MIB module definition, with the STATUS of all objects changed to deprecated. Section 5 describes security considerations relating to NAT-MIB, basically relying on the security considerations in [RFC4008] and [RFC7659].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. The Internet-Standard Management Framework
For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410].

Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580 [RFC2580].

3. Motivation For Deprecating NAT-MIB
This section provides the motivation for deprecating the NAT-MIB module and its replacement by a new version.

3.1. Deprecated Features
All objects defined in [RFC4008] have been marked with "STATUS deprecated" for the following reasons:

   Writability: Experience with NAT has shown that implementations vary tremendously. The NAT algorithms and data structures have little in common across devices, and this results in wildly incompatible configuration parameters. Therefore, few implementations were ever able to claim full compliance. Lesson learned: the MIB should be read-only as much as possible.

   Exposing configuration parameters: Even in read-only mode, many configuration parameters were exposed by [RFC4008] (e.g., timeouts). Since implementations vary wildly in their sets of configuration parameters, few implementations could claim even basic compliance. Lesson learned: the NAT-MIB's purpose is not to expose configuration parameters.

   Interfaces: Objects from [RFC4008] tie NAT state with interfaces (e.g., the interface table, the way map entries are grouped by interface). Many NAT implementations either never keep track of the interface or associate a mapping to a set of interfaces. Since interfaces are at the core of [RFC4008], many NAT devices were unable to have a proper implementation. Lesson learned: NAT is a logical function that may be independent of interfaces. Do not tie NAT state with interfaces.

   NAT service types: [RFC4008] used four categories of NAT service: basicNat, napt, bidirectionalNat, twiceNat. These are ill-defined, and many implementations either use different categories or do not use categories at all. Lesson learned: do not try to categorize NAT types.

   Limited transport protocol set: The set of transport protocols was defined as: other, icmp, udp, and tcp. Furthermore, the numeric values corresponding to those labels were arbitrary, without relation to the actual standard protocol numbers. This meant that NAT implementations were limited to those protocols and were unable to expose information about DCCP, SCTP, etc. Lesson learned: use standard transport protocol numbers.

3.2. Desirable New Features
A number of desirable new features have been identified that are not present in NAT-MIB. See the latter part of Section 2 of [RFC7659].