110 likes | 187 Views
IETF 58 MIDCOM WG. MIDCOM MIB Status of analysis and Issues Design Team members: Editor MIDCOM MIB analysis: Mary Barnes mary.barnes@nortelnetworks.com Co-Editors Semantic Analysis: Martin Stiemerling stiemerling@ccrle.nec.de Juergen Quittek quittek@ccrle.nec.de
E N D
IETF 58 MIDCOM WG • MIDCOM MIB • Status of analysis and Issues • Design Team members: • Editor MIDCOM MIB analysis: Mary Barnes mary.barnes@nortelnetworks.com • Co-Editors Semantic Analysis: Martin Stiemerling stiemerling@ccrle.nec.de • Juergen Quittekquittek@ccrle.nec.de • Tom Taylortaylor@nortelnetworks.com • Co-author IPSec Policy Config MIB: Wes Hardaker hardaker@tislabs.com • Co-authorMIDCOM Framework, NAT-MIB:Pyda Srisureshsrisuresh@yahoo.com • Co-chair SNMPv3 WG: David Harrington dbh@enterasys.com
Overview • Current status of MIDCOM mib development : • Progress • Current drafts • Summary of current issues • Plans going Forward
Where are we? • Status of analysis and documentation • WG MIB analysis document updated to reflect the current status and additional detailed analysis of the applicability of the MIDCOM semantics to the NAT mib: • draft-ietf-midcom-mib-analysis-01.txt • NAT-MIB undergoing review by MIB doctor (Juergen Scjoenwaler). • Awaiting approval to split FW functionality from IPSec Policy Configuration MIB (IPSEC-POLICY-MIB).
Where are we? • Design team had regular conference calls (bi-weekly/monthly) to resolve the details: • Much work accomplished in terms of understanding the problem, but ended on some philosophical debates as to the best solution approach. • Many of the concerns relate to those discussed with regards to the semantics document. • Two MIB documents put forth by members of the design team with the intent of providing concrete details representing different views on the realization of the MIDCOM MIB: • draft-stiemerling-midcom-mib-00.txt • draft-srisuresh-midcom-mib-01.txt
Issues: • Primary difference in opinion on interfaces: • draft-srisuresh-midcom-mib-01.txt • MIDCOM transactions should control middlebox resources. • Interface between MIDCOM MIB and NAT or FW MIBs is explicit. • draft-stiemerling-midcom-mib-00.txt • MIDCOM Agent interface to NAT or FW is implicit via the MIDCOM MIB. • Interface between MIDCOM MIB and NAT or FW MIBs is implicit.
Original Issues: • Different views result in the following detailed differences: • draft-srisuresh-midcom-mib-01.txt • PRRs have a direct relationship to NAT Binds • PERs have a direct relationship to NAT sessions and FW rules. • Agent specific Group membership IDs should be assignable by agents. • draft-stiemerling-midcom-mib-00.txt • PRR is an abstract entity, related to binds and address maps. • PER is an abstract entity whose relationship goes beyond the NAT session. • Middlebox should assign and manage Group IDs for the agent.
Issue - Use of term “bind” and PRR • “bind” in NAT-MIB is not equivalent to “bind” in semantics. • NAT-MIB: • Bind means association of addresses is valid and does not change until it’s no longer in use. • NAT Address map reflects configuration, provides block of addresses. Binding of addresses stays unchanged for a period of time. • Problem: NAT-MIB bind is more than a reservation as it enables a packet flow determined by direction attribute in the natAddrBindTranslationEntity. • Proposal: PRR can be accomplished with a NAT bind by using a NONE/null direction value in the bitmap for natAddrBindTranslationEntity
Other Agreements: PER and IDs • PER and sessions: • PER has a direct relationship to NAT session: • Basically, if PER is successful, then you have a Session. • Assignment of Ids: • Agreement that Group Ids are unique per Middlebox • Midcom agent table to be indexed by the tuple of (SNMP session Id, Midcom agent index).
Issues related to Semantics • Semantics related (not impacting semantics doc, but requiring a position for the MIDCOM MIB): • Is wildcarding needed for A0? • Need wildcarding for port. • Port range: limit to a range of 2?
Issues between two MIBs: Remaining specific Differences on two MIBs: • Stiemerling: • Everything in one table • 26 managed objects • Serves for NAT and FW control • PER transaction performed by creating a row in table • Duplicates some information of NAT MIB • Srisuresh: • 6 tables for NAT plus at least 2 for FW • 82 managed objects for NAT • PER transaction performed by creating rows in 1-4 tables • No duplication of information from NAT and FW MIB.
Plans going Forward • Design team members to work through detailed merge. • Seek interim feedback from MIB doctors. • Behind schedule for current WG milestones, with the following new schedule proposed: