-- extracted from draft-stiemerling-midcom-server-mib-00.txt -- at Thu Dec 4 06:15:52 2003 MIDCOM-SERVER-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, mib-2 FROM SNMPv2-SMI -- RFC2578 TEXTUAL-CONVENTION FROM SNMPv2-TC -- RFC2579 MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF -- RFC2580 SnmpAdminString FROM SNMP-FRAMEWORK-MIB -- RFC3411 InterfaceIndex FROM IF-MIB -- RFC2863 midcomSessionOwner, midcomGroupIndex, midcomRuleIndex FROM MIDCOM-MIB; -- draft! midcomSrvMIB MODULE-IDENTITY LAST-UPDATED "200311240930Z" -- November 24, 2003 ORGANIZATION "IETF Middlebox Communication Working Group" CONTACT-INFO "WG charter: http://www.ietf.org/html.charters/midcom-charter.html Mailing Lists: General Discussion: midcom@ietf.org To Subscribe: midcom-request@ietf.org In Body: subscribe your_email_address Editor: Martin Stiemerling NEC Europe Ltd. Network Laboratories Kurfuersten-Anlage 36 69221 Heidelberg Germany Tel: +49 6221 90511-13 Email: stiemerling@netlab.nec.de" DESCRIPTION "This MIB module defines a set of basic objects for monitoring and configuring MIDCOM servers on middleboxes that support MIDCOM. Such middleboxes may be firewalls and network address translators. This MIB module does not implement portions of the MIDCOM protocol, but is the MIDCOM SERVER MIB module for monitoring instances of the MIDCOM protocol. There are three groups of managed objects defined by this MIB module: - objects describing the used middlebox resources on a per MIDCOM policy rule base - objects describing the used firewall configuration on a per MIDCOM policy rule base - objects providing statistical information about the MIDCOM MIB module Copyright (C) The Internet Society (2003). This version of this MIB module is part of RFC yyyy; see the RFC itself for full legal notices." -- RFC Ed.: replace yyyy with actual RFC number & remove this notice REVISION "200311240930Z" -- November 24, 2003 DESCRIPTION "Initial version, published as RFC yyyy." -- RFC Ed.: replace yyyy with actual RFC number & remove this notice ::= { mib-2 44445 } -- 44445 to be assigned by IANA. -- -- Some textual conventions for this module -- MidcomNatBindMode ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "An indication whether the NAT bind is an address bind or an address-port bind." SYNTAX INTEGER { addressBind (1), addressPortBind (2) } MidcomNatBindId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A unique ID that is assigned to each NAT bind by a NAT enabled device." SYNTAX Unsigned32 MidcomNatSessionId ::= TEXTUAL-CONVENTION STATUS current DESCRIPTION "A unique ID that is assigned to each NAT session by a NAT enabled device." SYNTAX Unsigned32 -- -- main components of this MIB module -- midcomSrvObjects OBJECT IDENTIFIER ::= { midcomSrvMIB 1 } midcomSrvConformance OBJECT IDENTIFIER ::= { midcomSrvMIB 2 } -- -- Resources group -- -- The MIDCOM server resources group contains a set of managed -- objects describing the currently used resources of the MIDCOM -- server. -- Some objects in this group have MAX-ACCESS read-write. -- midcomSrvResources OBJECT IDENTIFIER ::= { midcomSrvObjects 1 } -- -- The NAT resource table -- midcomSrvResourceTable OBJECT-TYPE SYNTAX SEQUENCE OF MidcomSrvMbEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists all used middlebox resources per MIDCOM policy rule. The midcomSrvMBTable is indexed by session owner, group index, rule index. " ::= { midcomSrvResources 1 } midcomSrvResourceEntry OBJECT-TYPE SYNTAX MidcomSrvMbEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing a particular set of middlebox resources." INDEX { midcomSessionOwner, midcomGroupIndex, midcomRuleIndex } ::= { midcomSrvResourceTable 1 } MidcomSrvMbEntry ::= SEQUENCE { natSrcBindMode MidcomNatBindMode, natSrcBindId MidcomNatBindId, natDstBindMode MidcomNatBindMode, natDstBindId MidcomNatBindId, natSessionId1 MidcomNatSessionId, natSessionId2 MidcomNatSessionId, fwRuleId Unsigned32 -- more input required. } natSrcBindMode OBJECT-TYPE SYNTAX MidcomNatBindMode MAX-ACCESS read-only STATUS current DESCRIPTION "An indication whether this policy rule uses an address NAT bind or an address-port NAT bind for the source address." ::= { midcomSrvResourceEntry 4 } natSrcBindId OBJECT-TYPE SYNTAX MidcomNatBindId MAX-ACCESS read-only STATUS current DESCRIPTION "The allocated NAT bind for the source address used by this policy rule." ::= { midcomSrvResourceEntry 5 } natDstBindMode OBJECT-TYPE SYNTAX MidcomNatBindMode MAX-ACCESS read-only STATUS current DESCRIPTION "An indication whether this policy rule uses an address NAT bind or an address-port NAT bind for the destination address." ::= { midcomSrvResourceEntry 6 } natDstBindId OBJECT-TYPE SYNTAX MidcomNatBindId MAX-ACCESS read-only STATUS current DESCRIPTION "The allocated NAT bind for the destination address used by this policy rule." ::= { midcomSrvResourceEntry 7 } natSessionId1 OBJECT-TYPE SYNTAX MidcomNatSessionId MAX-ACCESS read-only STATUS current DESCRIPTION "A unique ID that is assigned to this specific NAT session at the NAT for this policy rule. A maximum of two NAT sessions can be assigned to one policy rule." ::= { midcomSrvResourceEntry 8 } natSessionId2 OBJECT-TYPE SYNTAX MidcomNatSessionId MAX-ACCESS read-only STATUS current DESCRIPTION "A unique ID that is assigned to this specific NAT session at the NAT for this policy rule. A maximum of two NAT sessions can be assigned to one policy rule." ::= { midcomSrvResourceEntry 9 } fwRuleId OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "A unique ID that is assigned to this specific firewall rule at the firewall for this policy rule." ::= { midcomSrvResourceEntry 10 } -- -- The firewall (fw) configuration table -- midcomSrvFwTable OBJECT-TYPE SYNTAX SEQUENCE OF MidcomSrvFwEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "This table lists the firewal configuration per interface. The midcomSrvFwTable is indexed by midcomifIndex " ::= { midcomSrvResources 2 } midcomSrvFwEntry OBJECT-TYPE SYNTAX MidcomSrvFwEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "An entry describing a particular set of firewall resources." INDEX { midcomifIndex } ::= { midcomSrvFwTable 1 } MidcomSrvFwEntry ::= SEQUENCE { midcomifIndex InterfaceIndex, fwGroup SnmpAdminString, fwPriority Unsigned32 -- Wes, what should be here? } midcomifIndex OBJECT-TYPE SYNTAX InterfaceIndex MAX-ACCESS not-accessible STATUS current DESCRIPTION "The corresponding interface of the middlebox." ::= { midcomSrvFwEntry 1 } fwGroup OBJECT-TYPE SYNTAX SnmpAdminString MAX-ACCESS read-write STATUS current DESCRIPTION "The firewall rule group to which all firewall rules of the MIDCOM server are assigned." ::= { midcomSrvFwEntry 2 } fwPriority OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-write STATUS current DESCRIPTION "The priority assigned to all firewall rules of the MIDCOM server." ::= { midcomSrvFwEntry 3 } -- -- The statistics of the MIDCOM server -- midcomSrvStatistics OBJECT IDENTIFIER ::= { midcomSrvObjects 2 } midcomSrvSessionsRejected OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of rejected MIDCOM sessions. The MIDCOM MIB module can rejected sessions that are not authorized or unknown." ::= { midcomSrvStatistics 1 } midcomSrvSessionsCurrent OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently established MIDCOM sessions. This object equals the number of rows in the midcomSessionTable and gives the number of MIDCOM agents (=SNMP managers) that are allowed to read, create, or modify entries in the MIDCOM MIB module." ::= { midcomSrvStatistics 2 } midcomSrvSessionsTotal OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The summarized number of all current and past established MIDCOM sessions." ::= { midcomSrvStatistics 3 } midcomSrvRuleEntriesRejected OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of policy rule entries rejected without any further detailed reason. Policy rules may be rejected due to several reasons. This object counts policy rules rejected without any other specific reason." ::= { midcomSrvStatistics 4 } midcomSrvRulesIncomplete OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of policy rules that are incomplete. Policy rules are loaded via row entries in midcomRuleTable. This object counts policy rules that are loaded but not fully specified, i.e. the associated action (reserved or enable) is not set. Those rule are typically removed after sometime and counted." ::= { midcomSrvStatistics 5 } midcomSrvResRulesRejected OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of reserved policy rules that are loaded, but are rejected." ::= { midcomSrvStatistics 6 } midcomSrvResRulesFailed OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed reserved policy rules." ::= { midcomSrvStatistics 7 } midcomSrvResRulesActive OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently active reserved policy rules." ::= { midcomSrvStatistics 8 } midcomSrvResRulesExpired OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently expired reserved policy rules." ::= { midcomSrvStatistics 9 } midcomSrvResRulesTerminated OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently terminated reserved policy rules." ::= { midcomSrvStatistics 10 } midcomSrvResRulesOnRequest OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently on-request reserved policy rules." ::= { midcomSrvStatistics 11 } midcomSrvEnabledRulesRejected OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of rejected enabled policy rules." ::= { midcomSrvStatistics 12 } midcomSrvEnabledRulesFailed OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed enabled policy rules." ::= { midcomSrvStatistics 13 } midcomSrvEnabledRulesActive OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently active enabled policy rules." ::= { midcomSrvStatistics 14 } midcomSrvEnabledRulesExpired OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently expired enabled policy rules." ::= { midcomSrvStatistics 15 } midcomSrvEnabledRulesTerminated OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently terminated enabled policy rules." ::= { midcomSrvStatistics 16 } midcomSrvEnabledRulesOnRequest OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of currently on-request enabled policy rules." ::= { midcomSrvStatistics 17 } midcomSrvTransRejected OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of rejected transactions." ::= { midcomSrvStatistics 18 } midcomSrvTransFailed OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed transactions." ::= { midcomSrvStatistics 19 } midcomSrvTransCompleted OBJECT-TYPE SYNTAX Unsigned32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of completed transactions." ::= { midcomSrvStatistics 20 } -- -- Compliance statements -- midcomSrvCompliances OBJECT IDENTIFIER ::= { midcomSrvConformance 1 } midcomSrvGroups OBJECT IDENTIFIER ::= { midcomSrvConformance 2 } -- -- This is the MIDCOM server compliance defintion -- midcomSrvCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for SNMP entities that implement the MIDCOM SERVER MIB." MODULE -- this module MANDATORY-GROUPS { midcomSrvResourceGroup, midcomSrvFwGroup, midcomSrvStatisticsGroup } ::= { midcomSrvCompliances 1 } midcomSrvResourceGroup OBJECT-GROUP OBJECTS { natSrcBindMode, natSrcBindId, natDstBindMode, natDstBindId, natSessionId1, natSessionId2, fwRuleId } STATUS current DESCRIPTION "A collection of objects providing information about the used NAT resources." ::= { midcomSrvGroups 1 } midcomSrvFwGroup OBJECT-GROUP OBJECTS { fwGroup, fwPriority } STATUS current DESCRIPTION "A collection of objects providing information about the used firewall resources." ::= { midcomSrvGroups 2 } midcomSrvStatisticsGroup OBJECT-GROUP OBJECTS { midcomSrvSessionsRejected, midcomSrvSessionsCurrent, midcomSrvSessionsTotal, midcomSrvRuleEntriesRejected, midcomSrvRulesIncomplete, midcomSrvResRulesRejected, midcomSrvResRulesFailed, midcomSrvResRulesActive, midcomSrvResRulesExpired, midcomSrvResRulesTerminated, midcomSrvResRulesOnRequest, midcomSrvEnabledRulesRejected, midcomSrvEnabledRulesFailed, midcomSrvEnabledRulesActive, midcomSrvEnabledRulesExpired, midcomSrvEnabledRulesTerminated, midcomSrvEnabledRulesOnRequest, midcomSrvTransRejected, midcomSrvTransFailed, midcomSrvTransCompleted } STATUS current DESCRIPTION "A collection of objects providing statistical information about the MIDCOM server." ::= { midcomSrvGroups 3 } END -- -- Copyright (C) The Internet Society (2003). All Rights Reserved. -- -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph are -- included on all such copies and derivative works. However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.