RFC 7659
Definitions of Managed Objects for Network Address Translators (NATs)
natv2InstanceLimitPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on total number of port map entries supported by the
NAT instance. When natv2InstancePortMapEntries has reached
this limit, subsequent packets that would normally trigger
creation of a new port map entry will be dropped and counted
in natv2InstancePortMapEntryLimitDrops. Warning of an
approach to this limit can be achieved by setting
natv2InstanceThresholdPortMapEntriesHigh to a non-zero
value, for example, 80% of the limit. The limit is disabled
by setting its value to zero.
For further information, please see the descriptions of
natv2NotificationInstancePortMapEntriesHigh and
natv2InstancePortMapEntries."
DEFVAL
{ 0 }
::= { natv2InstanceEntry 24 }
natv2InstanceLimitPendingFragments OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on number of out-of-order fragments received by the
NAT instance from remote sources and held until head of
chain appears. While the number of held fragments is at this
limit, subsequent packets that contain fragments not
relating to those already held will be dropped and counted
in natv2InstancePendingFragmentLimitDrops. The limit is
disabled by setting the value to zero.
Applicable only when the NAT instance supports 'Receive
Fragments Out of Order' behavior; leave at default
otherwise. See the description of
natv2InstanceFragmentBehavior."
REFERENCE
"RFC 4787, Section 11."
DEFVAL { 0 }
::= { natv2InstanceEntry 25 }
natv2InstanceLimitSubscriberActives OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Limit on number of total number of active subscribers
supported by the NAT instance. An active subscriber is
defined as any subscriber with at least one map entry,
including static mappings. While the number of active
subscribers is at this limit, subsequent packets that would
otherwise trigger first mappings for newly active
subscribers will be dropped and counted in
natv2InstanceSubscriberActiveLimitDrops. The limit is
disabled by setting the value to zero."
DEFVAL { 0 }
::= { natv2InstanceEntry 26 }
-- Table of counters per upper-layer protocol identified by the
-- packet header and supported by the NAT instance.
natv2ProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2ProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of protocols with per-protocol counters. Conceptual
rows of the table are indexed by the combination of the NAT
instance number and the IANA-assigned upper-layer protocol
number as given by the ProtocolNumber Textual Convention
(TC) and contained in the packet IP header. It is up to the
agent implementation to determine and operate upon only
those upper-layer protocol numbers supported by the NAT
instance."
REFERENCE
"RFC 7659, Section 3.3.5."
::= { natv2MIBInstanceObjects 2 }
natv2ProtocolEntry OBJECT-TYPE
SYNTAX Natv2ProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Per-protocol counters."
INDEX { natv2ProtocolInstanceIndex,
natv2ProtocolNumber }
::= { natv2ProtocolTable 1 }
Natv2ProtocolEntry ::=
SEQUENCE {
natv2ProtocolInstanceIndex Natv2InstanceIndex,
natv2ProtocolNumber ProtocolNumber,
-- State
natv2ProtocolPortMapEntries Unsigned32,
-- Statistics. Discontinuity object from instance table reused here.
natv2ProtocolTranslations Counter64,
natv2ProtocolPortMapCreations Counter64,
natv2ProtocolPortMapFailureDrops Counter64
}
natv2ProtocolInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"NAT instance index. It is up to the implementation to
determine and operate upon only those values that
correspond to in-service NAT instances."
::= { natv2ProtocolEntry 1 }
natv2ProtocolNumber OBJECT-TYPE
SYNTAX ProtocolNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Counters in this conceptual row apply to packets indicating
the upper-layer protocol identified by the value of
this object. It is up to the implementation to determine and
operate upon only those values that correspond to protocols
supported by the NAT instance."
REFERENCE
"RFC 7659, Section 3.3.5.
IANA Protocol Numbers,
<http://www.iana.org/assignments/protocol-numbers>"
::= { natv2ProtocolEntry 2 }
-- State
natv2ProtocolPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the port map table in total
over the whole NAT instance for a given protocol, including
static mappings. A port map entry maps from a given external
realm, address, and port for a given protocol to an internal
realm, address, and port. This definition includes 'hairpin'
mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per
subscriber, per instance, and per address pool within the
instance."
REFERENCE
"RFC 7659, Sections 3.3.5 and 3.3.9.
Hairpinning: RFC 4787, Section 6."
::= { natv2ProtocolEntry 3 }
-- Statistics
natv2ProtocolTranslations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of packets translated by the NAT
instance in either direction for the given protocol.
This value MUST be monotone increasing in the periods
between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2ProtocolEntry 4 }
natv2ProtocolPortMapCreations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of port map entries created by the NAT
instance for the given protocol.
This value MUST be monotone increasing in the periods
between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
::= { natv2ProtocolEntry 5 }
natv2ProtocolPortMapFailureDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of packets dropped because the packet
would have triggered the creation of a new port map entry,
but no port could be allocated for the protocol concerned.
The usual case for this will be for a NAT instance that
supports address pooling and the 'Paired' pooling behavior
recommended by RFC 4787, where the internal endpoint has
used up all of the ports allocated to it for the address it
was mapped to in the selected address pool in the external
realm concerned and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance supports address pooling but its
pooling behavior is 'Arbitrary' (meaning that
the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the
selected address pool and is not bound to what it has
already mapped for that endpoint), then this counter
is incremented when all ports for the protocol concerned
over the whole of the selected address pool are already
in use.
Finally, if the NAT instance has no configured address
pooling, then this counter is incremented because all
ports for the protocol concerned over the whole of the
NAT instance for the external realm concerned are already
in use.
This value MUST be monotone increasing in the periods
between updates of the NAT instance
natv2InstanceDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2InstanceDiscontinuityTime."
REFERENCE
"RFC 4787, end of Section 4.1."
::= { natv2ProtocolEntry 6 }
-- pools
natv2PoolTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PoolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of address pools, applicable only if these are
supported by the NAT instance. An address pool is a set of
addresses and ports in a particular realm, available for
assignment to the 'external' portion of a mapping. Where more
than one pool has been configured for the realm, policy
determines which subscribers and/or services are mapped to
which pool. natv2PoolTable provides basic information, state,
statistics, and two notification thresholds for each pool.
natv2PoolRangeTable is an expansion table for natv2PoolTable
that identifies particular address ranges allocated to the
pool."
REFERENCE
"RFC 7659, Section 3.3.6."
::= { natv2MIBInstanceObjects 3 }
natv2PoolEntry OBJECT-TYPE
SYNTAX Natv2PoolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Entry in the table of address pools."
INDEX { natv2PoolInstanceIndex, natv2PoolIndex }
::= { natv2PoolTable 1 }
Natv2PoolEntry ::=
SEQUENCE {
-- Index
natv2PoolInstanceIndex Natv2InstanceIndex,
natv2PoolIndex Natv2PoolIndex,
-- Configuration
natv2PoolRealm SnmpAdminString,
natv2PoolAddressType InetAddressType,
natv2PoolMinimumPort InetPortNumber,
natv2PoolMaximumPort InetPortNumber,
-- State
natv2PoolAddressMapEntries Unsigned32,
natv2PoolPortMapEntries Unsigned32,
-- Statistics and discontinuity time
natv2PoolAddressMapCreations Counter64,
natv2PoolPortMapCreations Counter64,
natv2PoolAddressMapFailureDrops Counter64,
natv2PoolPortMapFailureDrops Counter64,
natv2PoolDiscontinuityTime TimeStamp,
-- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow Integer32,
natv2PoolThresholdUsageHigh Integer32,
natv2PoolNotifiedPortMapEntries Unsigned32,
natv2PoolNotifiedPortMapProtocol ProtocolNumber,
natv2PoolNotificationInterval Unsigned32
}
natv2PoolInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"NAT instance index. It is up to the agent implementation
to determine and operate upon only those values that
correspond to in-service NAT instances."
::= { natv2PoolEntry 1 }
natv2PoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of an address pool that is unique for a given NAT
instance. It is up to the agent implementation to determine
and operate upon only those values that correspond to
provisioned pools."
::= { natv2PoolEntry 2 }
-- Configuration
natv2PoolRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE (0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Address realm to which this pool's addresses belong."
REFERENCE
"Address realms are discussed in Section 3.3.3 of
RFC 7659. The primary reference is RFC 2663, Section 2.1."
::= { natv2PoolEntry 3 }
natv2PoolAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Address type supplied by this address pool. This will be the
same for all pools in a given realm (by definition of an
address realm). Values other than ipv4(1) or ipv6(2) would
be unexpected."
REFERENCE
"InetAddressType in RFC 4001."
::= { natv2PoolEntry 4 }
natv2PoolMinimumPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Minimum port number of the range that can be allocated in
this pool. Applies to all protocols supported by the NAT
instance."
REFERENCE
"InetPortNumber in RFC 4001."
::= { natv2PoolEntry 5 }
natv2PoolMaximumPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Maximum port number of the range that can be allocated in
this pool. Applies to all protocols supported by the NAT
instance."
REFERENCE
"InetPortNumber in RFC 4001."
::= { natv2PoolEntry 6 }
-- State
natv2PoolAddressMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of address map entries using external
addresses drawn from this pool, including static mappings.
This definition includes 'hairpin' mappings, where the
external realm is the same as the internal one. Address map
entries are also tracked per subscriber and per instance."
REFERENCE
"RFC 7659, Section 3.3.8.
Hairpinning: RFC 4787, Section 6."
::= { natv2PoolEntry 7 }
natv2PoolPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current number of entries in the port map table using
external addresses and ports drawn from this pool, including
static mappings. This definition includes 'hairpin'
mappings, where the external realm is the same as the
internal one. Port map entries are also tracked per
subscriber, per instance, and per protocol within the
instance."
REFERENCE
"RFC 7659, Section 3.3.9.
Hairpinning: RFC 4787, Section 6."
::= { natv2PoolEntry 8 }
-- Statistics and discontinuity time
natv2PoolAddressMapCreations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of address map entries created in this
pool, including static mappings. Address map entries are
also tracked per instance and per subscriber.
This value MUST be monotone increasing in
the periods between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 9 }
natv2PoolPortMapCreations OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of port map entries created in this
pool, including static mappings. Port map entries are also
tracked per instance, per protocol, and per subscriber.
This value MUST be monotone increasing in the periods
between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 10 }
natv2PoolAddressMapFailureDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of packets originated by the
subscriber that were dropped because the packet would have
triggered the creation of a new address map entry, but no
address could be allocated from this address pool because
all addresses in the pool have already been fully allocated.
Counters of this event are also provided per instance, per
protocol, and per subscriber.
This value MUST be monotone increasing in the periods
between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime."
::= { natv2PoolEntry 11 }
natv2PoolPortMapFailureDrops OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cumulative number of packets dropped because the packet
would have triggered the creation of a new port map entry,
but no port could be allocated for the protocol concerned.
The usual case for this will be for a NAT instance that
supports the 'Paired' pooling behavior recommended by RFC
4787, where the internal endpoint has used up all of the
ports allocated to it for the address it was mapped to in
this pool and cannot be given more ports because
- policy or implementation prevents it from having a
second address in the same pool, and
- policy or unavailability prevents it from acquiring
more ports at its originally assigned address.
If the NAT instance pooling behavior is 'Arbitrary' (meaning
that the NAT instance can allocate a new port mapping for
the given internal endpoint on any address in the selected
address pool and is not bound to what it has already mapped
for that endpoint), then this counter is incremented when
all ports for the protocol concerned over the whole of this
address pool are already in use.
This value MUST be monotone increasing in the periods
between updates of the entity's
natv2PoolDiscontinuityTime. If a manager detects a
change in the latter since the last time it sampled this
counter, it SHOULD NOT make use of the difference between
the latest value of the counter and any value retrieved
before the new value of natv2PoolDiscontinuityTime."
REFERENCE
"Pooling behavior: RFC 4787, end of Section 4.1."
::= { natv2PoolEntry 12 }
natv2PoolDiscontinuityTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Snapshot of the value of the sysUpTime object at the
beginning of the latest period of continuity of the
statistical counters associated with this address
pool. This MUST be initialized when the address pool
is configured and MUST be updated whenever the port
or address ranges allocated to the pool change."
::= { natv2PoolEntry 13 }
-- Notification thresholds and objects returned by notifications
natv2PoolThresholdUsageLow OBJECT-TYPE
SYNTAX Integer32 (-1|0..100)
UNITS "Percent"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Threshold for reporting low utilization of the address pool.
Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is less
than or equal to natv2PoolThresholdUsageLow, an instance of
natv2NotificationPoolUsageLow may be triggered, unless
disabled by setting it to -1. Reporting is subject to the
per-pool notification interval given by
natv2PoolNotificationInterval. If multiple notifications
are triggered during one interval, the agent MUST report
only the one with the lowest value of
natv2PoolNotifiedPortMapEntries and discard the others.
Implementation note: the percentage specified by this object
can be converted to a number of port map entries at
configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries."
REFERENCE
"RFC 7659, Sections 3.1.2 and 3.3.6."
DEFVAL { -1 }
::= { natv2PoolEntry 14 }
natv2PoolThresholdUsageHigh OBJECT-TYPE
SYNTAX Integer32 (-1|0..100)
UNITS "Percent"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Threshold for reporting high utilization of the address
pool. Utilization at a given instant is calculated as the
percentage of ports allocated in port map entries for the
most-used protocol at that instant. If utilization is
greater than or equal to natv2PoolThresholdUsageHigh, an
instance of natv2NotificationPoolUsageHigh may be triggered,
unless disabled by setting it to -1.
Reporting is subject to the per-pool notification interval
given by natv2PoolNotificationInterval. If multiple
notifications are triggered during one interval, the agent
MUST report only the one with the highest value of
natv2PoolNotifiedPortMapEntries and discard the others.
In the rare case where both upper and lower thresholds
are crossed in the same interval, the agent MUST report only
the upper-threshold notification.
Implementation note: the percentage specified by this object
can be converted to a number of port map entries at
configuration time (after port and address ranges have been
configured or reconfigured) and compared to the current
value of natv2PoolNotifiedPortMapEntries."
DEFVAL { -1 }
::= { natv2PoolEntry 15 }
natv2PoolNotifiedPortMapEntries OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Number of port map entries using addresses and ports from
this address pool for the most-used protocol at a given
instant. One of the objects returned by
natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 16 }
natv2PoolNotifiedPortMapProtocol OBJECT-TYPE
SYNTAX ProtocolNumber
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The most-used protocol (i.e., with the largest number of
port map entries) mapped into this address pool at a given
instant. One of the objects returned by
natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh."
::= { natv2PoolEntry 17 }
natv2PoolNotificationInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..3600)
UNITS
"Seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Minimum number of seconds between successive
notifications for this address pool. Controls the generation
of natv2NotificationPoolUsageLow and
natv2NotificationPoolUsageHigh."
DEFVAL
{ 20 }
::= { natv2PoolEntry 18 }
natv2PoolRangeTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PoolRangeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table contains address ranges used by pool entries.
It is an expansion of natv2PoolTable."
REFERENCE
"RFC 7659, Section 3.3.7."
::= { natv2MIBInstanceObjects 4 }
natv2PoolRangeEntry OBJECT-TYPE
SYNTAX Natv2PoolRangeEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"NAT pool address range."
INDEX {
natv2PoolRangeInstanceIndex,
natv2PoolRangePoolIndex,
natv2PoolRangeRowIndex
}
::= { natv2PoolRangeTable 1 }
Natv2PoolRangeEntry ::=
SEQUENCE {
natv2PoolRangeInstanceIndex Natv2InstanceIndex,
natv2PoolRangePoolIndex Natv2PoolIndex,
natv2PoolRangeRowIndex Unsigned32,
natv2PoolRangeBegin InetAddress,
natv2PoolRangeEnd InetAddress
}
natv2PoolRangeInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of the NAT instance on which the address pool and this
address range are configured. See Natv2InstanceIndex."
::= { natv2PoolRangeEntry 1 }
natv2PoolRangePoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of the address pool to which this address range
belongs. See Natv2PoolIndex."
::= { natv2PoolRangeEntry 2 }
natv2PoolRangeRowIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Row index for successive range entries for the same
address pool."
::= { natv2PoolRangeEntry 3 }
natv2PoolRangeBegin OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Lowest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable."
::= { natv2PoolRangeEntry 4 }
natv2PoolRangeEnd OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Highest address included in this range. The type of address
(IPv4 or IPv6) is given by natv2PoolAddressType
in natv2PoolTable."
::= { natv2PoolRangeEntry 5 }
-- Indexed mapping tables
-- Address Map Table. Mapped from the internal to external address.
natv2AddressMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2AddressMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of mappings from the internal to external address. By
definition, this is a snapshot of NAT instance state at a
given moment. Indexed by NAT instance, internal realm, and
internal address in that realm. Provides the mapped external
address and, depending on implementation support, identifies
the address pool from which the external address and port
were taken and the index of the subscriber to which the
mapping has been allocated.
In the case of DS-Lite (RFC 6333), the indexing realm and
address are those of the IPv6 encapsulation rather than the
IPv4 inner packet."
REFERENCE
"RFC 7659, Section 3.3.8. DS-Lite: RFC 6333"
::= { natv2MIBInstanceObjects 5 }
natv2AddressMapEntry OBJECT-TYPE
SYNTAX Natv2AddressMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Mapping from internal to external address."
INDEX { natv2AddressMapInstanceIndex,
natv2AddressMapInternalRealm,
natv2AddressMapInternalAddressType,
natv2AddressMapInternalAddress,
natv2AddressMapRowIndex }
::= { natv2AddressMapTable 1 }
Natv2AddressMapEntry ::=
SEQUENCE {
natv2AddressMapInstanceIndex Natv2InstanceIndex,
natv2AddressMapInternalRealm SnmpAdminString,
natv2AddressMapInternalAddressType InetAddressType,
natv2AddressMapInternalAddress InetAddress,
natv2AddressMapRowIndex Unsigned32,
natv2AddressMapInternalMappedAddressType InetAddressType,
natv2AddressMapInternalMappedAddress InetAddress,
natv2AddressMapExternalRealm SnmpAdminString,
natv2AddressMapExternalAddressType InetAddressType,
natv2AddressMapExternalAddress InetAddress,
natv2AddressMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2AddressMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2AddressMapInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of the NAT instance that generated this address map."
::= { natv2AddressMapEntry 1 }
natv2AddressMapInternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Realm to which the internal address belongs. In most cases,
this is the realm defining the address space of the packet
being translated. However, in the case of DS-Lite (RFC
6333), this realm defines the IPv6 outer header address
space. It is the combination of that outer header and
the inner IPv4 packet header that is remapped to the
external address and realm. The corresponding IPv4 realm is
restricted in scope to the tunnel, so there is no point in
identifying it. The mapped IPv4 address will normally be the
well-known value 192.0.0.2, or at least lie in the reserved
192.0.0.0/29 range.
If natv2AddressMapSubscriberIndex in this table is a valid
subscriber index (i.e., greater than zero), then the value
of natv2AddressMapInternalRealm MUST be identical to the
value of natv2SubscriberRealm associated with that index."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2AddressMapEntry 2 }
natv2AddressMapInternalAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type in the header of packets on the
interior side of this mapping. Any value other than ipv4(1)
or ipv6(2) would be unexpected.
In the DS-Lite case, the address type is ipv6(2)."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel source
address in the NAT mapping tables)."
::= { natv2AddressMapEntry 3 }
natv2AddressMapInternalAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Source address of packets originating from the interior
of the association provided by this mapping. The address
type is given by natv2AddressMapInternalAddressType.
In the case of DS-Lite (RFC 6333), this is the IPv6 tunnel
source address. The mapping in this case is considered to
be from the combination of the IPv6 tunnel source address
natv2AddressMapInternalRealmAddress and the well-known IPv4
inner source address natv2AddressMapInternalMappedAddress to
the external address."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2AddressMapEntry 4 }
natv2AddressMapRowIndex OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of a conceptual row corresponding to a mapping of the
given internal realm and address to a single external realm
and address. Multiple rows will be present because of a
promiscuous external address selection policy, policies
associating the same internal address with different address
pools, or because the same internal realm-address
combination is communicating with multiple external address
realms."
::= { natv2AddressMapEntry 5 }
natv2AddressMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Internal address type actually translated by this mapping.
Any value other than ipv4(1) or ipv6(2) would be unexpected.
In the general case, this is the same as given by
natv2AddressMapInternalRealmAddressType. In the
tunneled case, it is the address type used in the
encapsulated packet header. In particular, in the DS-Lite
case, the mapped address type is ipv4(1)."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2AddressMapEntry 6 }
natv2AddressMapInternalMappedAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Internal address actually translated by this mapping. In the
general case, this is the same as
natv2AddressMapInternalRealmAddress. The address type is
given by natv2AddressMapInternalMappedAddressType. In the
case of DS-Lite (RFC 6333), this is the source address of
the encapsulated IPv4 packet, normally lying in the well-known
range 192.0.0.0/29. The mapping in this case is considered
to be from the combination of the IPv6 tunnel source address
natv2AddressMapInternalRealmAddress and the well-known IPv4
inner source address natv2AddressMapInternalMappedAddress to
the external address."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2AddressMapEntry 7 }
natv2AddressMapExternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"External address realm to which this mapping maps the
internal address. This can be the same as the internal realm
in the case of a 'hairpin' connection, but otherwise will be
different."
::= { natv2AddressMapEntry 8 }
natv2AddressMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Address type for the external realm. Any value other than
ipv4(1) or ipv6(2) would be unexpected."
::= { natv2AddressMapEntry 9 }
natv2AddressMapExternalAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"External address to which the internal address is mapped.
The address type is given by
natv2AddressMapExternalAddressType.
In the DS-Lite case, the mapping is from the combination of
the internal IPv6 tunnel source address as presented in this
table and the well-known IPv4 source address of the
encapsulated IPv4 packet."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2AddressMapEntry 10 }
natv2AddressMapExternalPoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the address pool in the external realm from which
the mapped external address given in
natv2AddressMapExternalAddress was taken. Zero if the
implementation does not support address pools but has chosen
to support this object or if no pool was configured for the
given external realm."
::= { natv2AddressMapEntry 11 }
natv2AddressMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Index of the subscriber to which this address mapping
applies, or zero if no subscribers are configured on
this NAT instance."
::= { natv2AddressMapEntry 12 }
-- natv2PortMapTable
natv2PortMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF Natv2PortMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of port map entries indexed by the NAT instance,
protocol, and external realm and address. A port map entry
associates an internal upper-layer protocol endpoint with an
endpoint for the same protocol in the given external realm.
By definition, this is a snapshot of NAT instance state at
a given moment. The table provides the basic mapping
information.
In the case of DS-Lite (RFC 6333), the table provides the
internal IPv6 tunnel source address in
natv2PortMapInternalRealmAddress and the IPv4 source address
of the encapsulated packet that is actually translated in
natv2PortMapInternalMappedAddress. In the general (non-DS-
Lite) case, those two objects will have the same value."
REFERENCE
"RFC 7659, Section 3.3.9.
DS-Lite: RFC 6333, Sections 5.7
(for well-known addresses) and 6.6 (on the need to have the
IPv6 tunnel address in the NAT mapping tables)."
::= { natv2MIBInstanceObjects 6 }
natv2PortMapEntry OBJECT-TYPE
SYNTAX Natv2PortMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A single NAT mapping."
INDEX { natv2PortMapInstanceIndex,
natv2PortMapProtocol,
natv2PortMapExternalRealm,
natv2PortMapExternalAddressType,
natv2PortMapExternalAddress,
natv2PortMapExternalPort }
::= { natv2PortMapTable 1 }
Natv2PortMapEntry ::=
SEQUENCE {
natv2PortMapInstanceIndex Natv2InstanceIndex,
natv2PortMapProtocol ProtocolNumber,
natv2PortMapExternalRealm SnmpAdminString,
natv2PortMapExternalAddressType InetAddressType,
natv2PortMapExternalAddress InetAddress,
natv2PortMapExternalPort InetPortNumber,
natv2PortMapInternalRealm SnmpAdminString,
natv2PortMapInternalAddressType InetAddressType,
natv2PortMapInternalAddress InetAddress,
natv2PortMapInternalMappedAddressType InetAddressType,
natv2PortMapInternalMappedAddress InetAddress,
natv2PortMapInternalPort InetPortNumber,
natv2PortMapExternalPoolIndex Natv2PoolIndexOrZero,
natv2PortMapSubscriberIndex Natv2SubscriberIndexOrZero
}
natv2PortMapInstanceIndex OBJECT-TYPE
SYNTAX Natv2InstanceIndex
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Index of the NAT instance that created this port map entry."
::= { natv2PortMapEntry 1 }
natv2PortMapProtocol OBJECT-TYPE
SYNTAX ProtocolNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The map entry's upper-layer protocol number."
::= { natv2PortMapEntry 2 }
natv2PortMapExternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The realm to which natv2PortMapExternalAddress belongs."
::= { natv2PortMapEntry 3 }
natv2PortMapExternalAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Address type for the external realm. A value other
than ipv4(1) or ipv6(2) would be unexpected."
::= { natv2PortMapEntry 4 }
natv2PortMapExternalAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0..16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's assigned external address. (This address is
taken from the address pool identified by
natv2PortMapExternalPoolIndex, if the implementation
supports address pools and pools are configured for the
given external realm.) This is the source address for
translated outgoing packets. The address type is given
by natv2PortMapExternalAddressType."
::= { natv2PortMapEntry 5 }
natv2PortMapExternalPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The mapping's assigned external port number. This is the
source port for translated outgoing packets. If the internal
port number given by natv2PortMapInternalPort is zero, this
value MUST also be zero. Otherwise, this MUST be a non-zero
value."
::= { natv2PortMapEntry 6 }
natv2PortMapInternalRealm OBJECT-TYPE
SYNTAX SnmpAdminString (SIZE(0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The realm to which natv2PortMapInternalRealmAddress belongs.
In the general case, this realm contains the address that is
being translated. In the DS-Lite (RFC 6333) case, this realm
defines the IPv6 address space from which the tunnel source
address is taken. The realm of the encapsulated IPv4 address
is restricted in scope to the tunnel, so there is no point
in identifying it separately."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2PortMapEntry 7 }
natv2PortMapInternalAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Address type for addresses in the realm identified by
natv2PortMapInternalRealm."
::= { natv2PortMapEntry 8 }
natv2PortMapInternalAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Source address for packets received under this mapping on
the internal side of the NAT instance. In the general case,
this address is the same as the address given in
natv2PortMapInternalMappedAddress. In the DS-Lite case,
natv2PortMapInternalAddress is the IPv6 tunnel source
address. The address type is given
by natv2PortMapInternalAddressType."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2PortMapEntry 9 }
natv2PortMapInternalMappedAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Internal address type actually translated by this mapping.
Any value other than ipv4(1) or ipv6(2) would be unexpected.
In the general case, this is the same as given by
natv2AddressMapInternalAddressType. In the DS-Lite
case, the address type is ipv4(1)."
REFERENCE
"DS-Lite: RFC 6333."
::= { natv2PortMapEntry 10 }
natv2PortMapInternalMappedAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Internal address actually translated by this mapping. In the
general case, this is the same as
natv2PortMapInternalRealmAddress. The address type is given
by natv2PortMapInternalMappedAddressType.
In the case of DS-Lite (RFC 6333), this is the source
address of the encapsulated IPv4 packet, normally selected
from the well-known range 192.0.0.0/29. The mapping in this
case is considered to be from the external address to the
combination of the IPv6 tunnel source address
natv2PortMapInternalRealmAddress and the well-known IPv4
inner source address natv2PortMapInternalMappedAddress."
REFERENCE
"DS-Lite: RFC 6333, Sections 5.7 (for well-known addresses)
and 6.6 (on the need to have the IPv6 tunnel address in
the NAT mapping tables)."
::= { natv2PortMapEntry 11 }
natv2PortMapInternalPort OBJECT-TYPE
SYNTAX InetPortNumber
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The mapping's internal port number. If this is zero, ports
are not translated (i.e., the NAT instance is a pure NAT
rather than a Network Address and Port Translator (NAPT))."
::= { natv2PortMapEntry 12 }
natv2PortMapExternalPoolIndex OBJECT-TYPE
SYNTAX Natv2PoolIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Identifies the address pool from which the external address
in this port map entry was taken. Zero if the implementation
does not support address pools but has chosen to support
this object or if no pools are configured for the given
external realm."
::= { natv2PortMapEntry 13 }
natv2PortMapSubscriberIndex OBJECT-TYPE
SYNTAX Natv2SubscriberIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subscriber using this map entry. Zero if the implementation
does not support subscribers but has chosen to support
this object."
::= { natv2PortMapEntry 14 }
-- Conformance section. Specifies three cumulatively more extensive
-- applications: basic NAT, pooled NAT, and carrier-grade NAT.
natv2MIBConformance OBJECT IDENTIFIER ::= { natv2MIB 3 }
natv2MIBCompliances OBJECT IDENTIFIER ::= { natv2MIBConformance 1 }
natv2MIBGroups OBJECT IDENTIFIER ::= { natv2MIBConformance 2 }
natv2MIBBasicCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the basic NAT
application of NATV2-MIB."
MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup
}
::= { natv2MIBCompliances 1 }
natv2MIBPooledNATCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the pooled NAT
application of NATV2-MIB."
MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup
}
::= { natv2MIBCompliances 2 }
natv2MIBCGNCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"Describes the requirements for conformance to the
carrier-grade NAT application of NATV2-MIB."
MODULE -- this module
MANDATORY-GROUPS { natv2BasicNotificationGroup,
natv2BasicInstanceLevelGroup,
natv2PooledNotificationGroup,
natv2PooledInstanceLevelGroup,
natv2CGNNotificationGroup,
natv2CGNDeviceLevelGroup,
natv2CGNInstanceLevelGroup
}
::= { natv2MIBCompliances 3 }
-- Groups
natv2BasicNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
natv2NotificationInstanceAddressMapEntriesHigh,
natv2NotificationInstancePortMapEntriesHigh
}
STATUS current
DESCRIPTION
"Notifications that MUST be supported by all NAT
applications."
::= { natv2MIBGroups 1 }
natv2BasicInstanceLevelGroup OBJECT-GROUP
OBJECTS {
-- from natv2InstanceTable
natv2InstanceAlias,
natv2InstancePortMappingBehavior,
natv2InstanceFilteringBehavior,
natv2InstanceFragmentBehavior,
natv2InstanceAddressMapEntries,
natv2InstancePortMapEntries,
natv2InstanceTranslations,
natv2InstanceAddressMapCreations,
natv2InstanceAddressMapEntryLimitDrops,
natv2InstanceAddressMapFailureDrops,
natv2InstancePortMapCreations,
natv2InstancePortMapEntryLimitDrops,
natv2InstancePortMapFailureDrops,
natv2InstanceFragmentDrops,
natv2InstanceOtherResourceFailureDrops,
natv2InstanceDiscontinuityTime,
natv2InstanceThresholdAddressMapEntriesHigh,
natv2InstanceThresholdPortMapEntriesHigh,
natv2InstanceNotificationInterval,
natv2InstanceLimitAddressMapEntries,
natv2InstanceLimitPortMapEntries,
natv2InstanceLimitPendingFragments,
-- from natv2ProtocolTable
natv2ProtocolPortMapEntries,
natv2ProtocolTranslations,
natv2ProtocolPortMapCreations,
natv2ProtocolPortMapFailureDrops,
-- from natv2AddressMapTable
natv2AddressMapExternalRealm,
natv2AddressMapExternalAddressType,
natv2AddressMapExternalAddress,
-- from natv2PortMapTable
natv2PortMapInternalRealm,
natv2PortMapInternalAddressType,
natv2PortMapInternalAddress,
natv2PortMapInternalPort
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of all NAT applications."
::= { natv2MIBGroups 2 }
natv2PooledNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
natv2NotificationPoolUsageLow,
natv2NotificationPoolUsageHigh
}
STATUS current
DESCRIPTION
"Notifications that MUST be supported by pooled and
carrier-grade NAT applications."
::= { natv2MIBGroups 3 }
natv2PooledInstanceLevelGroup OBJECT-GROUP
OBJECTS {
-- from natv2InstanceTable
natv2InstancePoolingBehavior,
-- from natv2PoolTable
natv2PoolRealm,
natv2PoolAddressType,
natv2PoolMinimumPort,
natv2PoolMaximumPort,
natv2PoolAddressMapEntries,
natv2PoolPortMapEntries,
natv2PoolAddressMapCreations,
natv2PoolPortMapCreations,
natv2PoolAddressMapFailureDrops,
natv2PoolPortMapFailureDrops,
natv2PoolDiscontinuityTime,
natv2PoolThresholdUsageLow,
natv2PoolThresholdUsageHigh,
natv2PoolNotifiedPortMapEntries,
natv2PoolNotifiedPortMapProtocol,
natv2PoolNotificationInterval,
-- from natv2PoolRangeTable
natv2PoolRangeBegin,
natv2PoolRangeEnd,
-- from natv2AddressMapTable
natv2AddressMapExternalPoolIndex,
-- from natv2PortMapTable
natv2PortMapExternalPoolIndex
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by
implementations of the pooled and carrier-grade
NAT applications."
::= { natv2MIBGroups 4 }
natv2CGNNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
natv2NotificationSubscriberPortMappingEntriesHigh
}
STATUS current
DESCRIPTION
"Notification that MUST be supported by implementations
of the carrier-grade NAT application."
::= { natv2MIBGroups 5 }
natv2CGNDeviceLevelGroup OBJECT-GROUP
OBJECTS {
-- from table natv2SubscriberTable
natv2SubscriberInternalRealm,
natv2SubscriberInternalPrefixType,
natv2SubscriberInternalPrefix,
natv2SubscriberInternalPrefixLength,
natv2SubscriberAddressMapEntries,
natv2SubscriberPortMapEntries,
natv2SubscriberTranslations,
natv2SubscriberAddressMapCreations,
natv2SubscriberPortMapCreations,
natv2SubscriberAddressMapFailureDrops,
natv2SubscriberPortMapFailureDrops,
natv2SubscriberDiscontinuityTime,
natv2SubscriberLimitPortMapEntries,
natv2SubscriberThresholdPortMapEntriesHigh,
natv2SubscriberNotificationInterval
}
STATUS current
DESCRIPTION
"Device-level objects that MUST be supported by the
carrier-grade NAT application."
::= { natv2MIBGroups 6 }
natv2CGNInstanceLevelGroup OBJECT-GROUP
OBJECTS {
-- from natv2InstanceTable
natv2InstanceSubscriberActiveLimitDrops,
natv2InstanceLimitSubscriberActives,
-- from natv2AddressMapTable
natv2AddressMapInternalMappedAddressType,
natv2AddressMapInternalMappedAddress,
natv2AddressMapSubscriberIndex,
-- from natv2PortMapTable
natv2PortMapInternalMappedAddressType,
natv2PortMapInternalMappedAddress,
natv2PortMapSubscriberIndex
}
STATUS current
DESCRIPTION
"Per-instance objects that MUST be supported by the
carrier-grade NAT application."
::= { natv2MIBGroups 7 }
END
(page 74 continued on part 4)
