Tech-invite3GPPspaceIETF RFCsSIP
93929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 7658

Deprecation of MIB Module NAT-MIB: Managed Objects for Network Address Translators (NATs)

Pages: 62
Proposed Standard
Obsoletes:  4008
Part 1 of 3 – Pages 1 to 4
None   None   Next

Top   ToC   RFC7658 - Page 1
Internet Engineering Task Force (IETF)                      S. Perreault
Request for Comments: 7658                           Jive Communications
Obsoletes: 4008                                                  T. Tsou
Category: Standards Track                            Huawei Technologies
ISSN: 2070-1721                                             S. Sivakumar
                                                           Cisco Systems
                                                               T. Taylor
                                                    PT Taylor Consulting
                                                            October 2015


                   Deprecation of MIB Module NAT-MIB:
         Managed Objects for Network Address Translators (NATs)

Abstract

This memo deprecates MIB module NAT-MIB, a portion of the Management Information Base (MIB) previously defined in RFC 4008 for devices implementing Network Address Translator (NAT) function. A companion document defines a new version, NATV2-MIB, which responds to deficiencies found in module NAT-MIB and adds new capabilities. This document obsoletes RFC 4008. All MIB objects specified in RFC 4008 are included in this version unchanged with only the STATUS changed to deprecated. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7658.
Top   ToC   RFC7658 - Page 2
Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. The Internet-Standard Management Framework . . . . . . . . . 3 3. Motivation For Deprecating NAT-MIB . . . . . . . . . . . . . 3 3.1. Deprecated Features . . . . . . . . . . . . . . . . . . . 3 3.2. Desirable New Features . . . . . . . . . . . . . . . . . 4 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . 60 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 60 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 60 7.1. Normative References . . . . . . . . . . . . . . . . . . 60 7.2. Informative References . . . . . . . . . . . . . . . . . 61 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 62

1. Introduction

This memo deprecates a portion of the Management Information Base (MIB), MIB module NAT-MIB, for devices implementing the Network Address Translator (NAT) function. New implementations are encouraged to base themselves upon the second version of this MIB module, NATV2-MIB, defined in [RFC7659]. NAT types and their characteristics are defined in [RFC2663]. Traditional NAT function, in particular, is defined in [RFC3022]. Neither NAT-MIB nor NATV2-MIB addresses firewall functions, and neither can be used for configuring or monitoring them. Section 2 provides references to the Simple Network Management Protocol (SNMP) management framework, which was used as the basis for the original MIB module definition and its deprecation. Section 3 provides motivation for the deprecation of module NAT-MIB and its replacement by module NATV2-MIB. Section 4 has the complete NAT-MIB module definition, with the STATUS of all objects changed to
Top   ToC   RFC7658 - Page 3
   deprecated.  Section 5 describes security considerations relating to
   NAT-MIB, basically relying on the security considerations in
   [RFC4008] and [RFC7659].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

2. The Internet-Standard Management Framework

For a detailed overview of the documents that describe the current Internet-Standard Management Framework, please refer to section 7 of RFC 3410 [RFC3410]. Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. MIB objects are generally accessed through the Simple Network Management Protocol (SNMP). Objects in the MIB are defined using the mechanisms defined in the Structure of Management Information (SMI). This memo specifies a MIB module that is compliant to the SMIv2, which is described in STD 58, RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580 [RFC2580].

3. Motivation For Deprecating NAT-MIB

This section provides the motivation for deprecating the NAT-MIB module and its replacement by a new version.

3.1. Deprecated Features

All objects defined in [RFC4008] have been marked with "STATUS deprecated" for the following reasons: Writability: Experience with NAT has shown that implementations vary tremendously. The NAT algorithms and data structures have little in common across devices, and this results in wildly incompatible configuration parameters. Therefore, few implementations were ever able to claim full compliance. Lesson learned: the MIB should be read-only as much as possible.
Top   ToC   RFC7658 - Page 4
   Exposing configuration parameters:  Even in read-only mode, many
      configuration parameters were exposed by [RFC4008] (e.g.,
      timeouts).  Since implementations vary wildly in their sets of
      configuration parameters, few implementations could claim even
      basic compliance.

      Lesson learned: the NAT-MIB's purpose is not to expose
      configuration parameters.

   Interfaces:  Objects from [RFC4008] tie NAT state with interfaces
      (e.g., the interface table, the way map entries are grouped by
      interface).  Many NAT implementations either never keep track of
      the interface or associate a mapping to a set of interfaces.
      Since interfaces are at the core of [RFC4008], many NAT devices
      were unable to have a proper implementation.

      Lesson learned: NAT is a logical function that may be independent
      of interfaces.  Do not tie NAT state with interfaces.

   NAT service types:  [RFC4008] used four categories of NAT service:
      basicNat, napt, bidirectionalNat, twiceNat.  These are ill-
      defined, and many implementations either use different categories
      or do not use categories at all.

      Lesson learned: do not try to categorize NAT types.

   Limited transport protocol set:  The set of transport protocols was
      defined as: other, icmp, udp, and tcp.  Furthermore, the numeric
      values corresponding to those labels were arbitrary, without
      relation to the actual standard protocol numbers.  This meant that
      NAT implementations were limited to those protocols and were
      unable to expose information about DCCP, SCTP, etc.

      Lesson learned: use standard transport protocol numbers.

3.2. Desirable New Features

A number of desirable new features have been identified that are not present in NAT-MIB. See the latter part of Section 2 of [RFC7659].


(next page on part 2)

Next Section