
RFC 7658

Deprecation of MIB Module NAT-MIB: Managed Objects for Network Address Translators (NATs)

Pages: 62
Proposed Standard
Obsoletes:  4008
Part 1 of 3 – Pages 1 to 4

Internet Engineering Task Force (IETF)                      S. Perreault
Request for Comments: 7658                           Jive Communications
Obsoletes: 4008                                                  T. Tsou
Category: Standards Track                            Huawei Technologies
ISSN: 2070-1721                                             S. Sivakumar
                                                           Cisco Systems
                                                               T. Taylor
                                                    PT Taylor Consulting
                                                            October 2015


                   Deprecation of MIB Module NAT-MIB:
         Managed Objects for Network Address Translators (NATs)

Abstract

   This memo deprecates MIB module NAT-MIB, a portion of the Management
   Information Base (MIB) previously defined in RFC 4008 for devices
   implementing Network Address Translator (NAT) function.  A companion
   document defines a new version, NATV2-MIB, which responds to
   deficiencies found in module NAT-MIB and adds new capabilities.

   This document obsoletes RFC 4008.  All MIB objects specified in RFC
   4008 are included in this version unchanged with only the STATUS
   changed to deprecated.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7658.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  The Internet-Standard Management Framework
   3.  Motivation For Deprecating NAT-MIB
     3.1.  Deprecated Features
     3.2.  Desirable New Features
   4.  Definitions
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1. Introduction

   This memo deprecates a portion of the Management Information Base
   (MIB), MIB module NAT-MIB, for devices implementing the Network
   Address Translator (NAT) function.  New implementations are
   encouraged to base themselves upon the second version of this MIB
   module, NATV2-MIB, defined in [RFC7659].

   NAT types and their characteristics are defined in [RFC2663].
   Traditional NAT function, in particular, is defined in [RFC3022].
   Neither NAT-MIB nor NATV2-MIB addresses firewall functions, and
   neither can be used for configuring or monitoring them.

   Section 2 provides references to the Simple Network Management
   Protocol (SNMP) management framework, which was used as the basis for
   the original MIB module definition and its deprecation.  Section 3
   provides motivation for the deprecation of module NAT-MIB and its
   replacement by module NATV2-MIB.  Section 4 has the complete NAT-MIB
   module definition, with the STATUS of all objects changed to
   deprecated.  Section 5 describes security considerations relating to
   NAT-MIB, basically relying on the security considerations in
   [RFC4008] and [RFC7659].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

2. The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   RFC 3410 [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
   [RFC2580].

3. Motivation For Deprecating NAT-MIB

This section provides the motivation for deprecating the NAT-MIB module and its replacement by a new version.

3.1. Deprecated Features

   All objects defined in [RFC4008] have been marked with "STATUS
   deprecated" for the following reasons:

   Writability:  Experience with NAT has shown that implementations vary
      tremendously.  The NAT algorithms and data structures have little
      in common across devices, and this results in wildly incompatible
      configuration parameters.  Therefore, few implementations were
      ever able to claim full compliance.

      Lesson learned: the MIB should be read-only as much as possible.

   Exposing configuration parameters:  Even in read-only mode, many
      configuration parameters were exposed by [RFC4008] (e.g.,
      timeouts).  Since implementations vary wildly in their sets of
      configuration parameters, few implementations could claim even
      basic compliance.

      Lesson learned: the NAT-MIB's purpose is not to expose
      configuration parameters.

   Interfaces:  Objects from [RFC4008] tie NAT state with interfaces
      (e.g., the interface table, the way map entries are grouped by
      interface).  Many NAT implementations either never keep track of
      the interface or associate a mapping to a set of interfaces.
      Since interfaces are at the core of [RFC4008], many NAT devices
      were unable to have a proper implementation.

      Lesson learned: NAT is a logical function that may be independent
      of interfaces.  Do not tie NAT state with interfaces.

   NAT service types:  [RFC4008] used four categories of NAT service:
      basicNat, napt, bidirectionalNat, twiceNat.  These are ill-
      defined, and many implementations either use different categories
      or do not use categories at all.

      Lesson learned: do not try to categorize NAT types.

   Limited transport protocol set:  The set of transport protocols was
      defined as: other, icmp, udp, and tcp.  Furthermore, the numeric
      values corresponding to those labels were arbitrary, without
      relation to the actual standard protocol numbers.  This meant that
      NAT implementations were limited to those protocols and were
      unable to expose information about DCCP, SCTP, etc.

      Lesson learned: use standard transport protocol numbers.

3.2. Desirable New Features

A number of desirable new features have been identified that are not present in NAT-MIB. See the latter part of Section 2 of [RFC7659].

