Network Working Group D. Thaler
Request for Comments: 2667 Microsoft
Category: Standards Track August 1999
Network Working Group D. Thaler
Request for Comments: 2667 Microsoft
Category: Standards Track August 1999
IP Tunnel MIB
IP隧道MIB
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This memo defines a Management Information Base (MIB) for use with network management protocols in the Internet community. In particular, it describes managed objects used for managing tunnels of any type over IPv4 networks. Extension MIBs may be designed for managing protocol-specific objects. Likewise, extension MIBs may be designed for managing security-specific objects. This MIB does not support tunnels over non-IPv4 networks (including IPv6 networks). Management of such tunnels may be supported by other MIBs.
此备忘录定义了一个管理信息库(MIB),用于Internet社区中的网络管理协议。特别是,它描述了用于通过IPv4网络管理任何类型隧道的托管对象。扩展MIB可设计用于管理特定于协议的对象。同样,扩展MIB可以设计用于管理特定于安全性的对象。此MIB不支持非IPv4网络(包括IPv6网络)上的隧道。此类隧道的管理可由其他MIB支持。
Table of Contents
目录
1 Abstract ...................................................... 1
2 Introduction .................................................. 2
3 The SNMP Network Management Framework ......................... 2
4 Overview ...................................................... 3
4.1 Relationship to the Interfaces MIB .......................... 3
4.1.1 Layering Model ............................................ 3
4.1.2 ifRcvAddressTable ......................................... 4
4.1.3 ifEntry ................................................... 4
5 Definitions ................................................... 4
6 Security Considerations ...................................... 12
7 Acknowledgements ............................................. 12
8 Author's Address ............................................. 12
9 References ................................................... 13
10 Intellectual Property Notice ................................. 15
11 Full Copyright Statement ..................................... 16
1 Abstract ...................................................... 1
2 Introduction .................................................. 2
3 The SNMP Network Management Framework ......................... 2
4 Overview ...................................................... 3
4.1 Relationship to the Interfaces MIB .......................... 3
4.1.1 Layering Model ............................................ 3
4.1.2 ifRcvAddressTable ......................................... 4
4.1.3 ifEntry ................................................... 4
5 Definitions ................................................... 4
6 Security Considerations ...................................... 12
7 Acknowledgements ............................................. 12
8 Author's Address ............................................. 12
9 References ................................................... 13
10 Intellectual Property Notice ................................. 15
11 Full Copyright Statement ..................................... 16
Over the past several years, there have been a number of "tunneling" protocols specified by the IETF (see [28] for an early discussion of the model and examples). This document describes a Management Information Base (MIB) used for managing tunnels of any type over IPv4 networks, including GRE [16,17], IP-in-IP [18], Minimal Encapsulation [19], L2TP [20], PPTP [21], L2F [25], UDP (e.g., [26]), ATMP [22], and IPv6-in-IPv4 [27] tunnels.
在过去几年中,IETF规定了许多“隧道”协议(有关模型和示例的早期讨论,请参见[28])。本文档描述了用于管理IPv4网络上任何类型隧道的管理信息库(MIB),包括GRE[16,17]、IP-in-IP[18]、最小封装[19]、L2TP[20]、PPTP[21]、L2F[25]、UDP(例如,[26])、ATMP[22]和IPv6-in-IPv4[27]隧道。
Extension MIBs may be designed for managing protocol-specific objects. Likewise, extension MIBs may be designed for managing security-specific objects (e.g., IPSEC [24]), and traffic conditioner [29] objects. Finally, this MIB does not support tunnels over non-IPv4 networks (including IPv6 networks). Management of such tunnels may be supported by other MIBs.
扩展MIB可设计用于管理特定于协议的对象。类似地,扩展mib可设计用于管理特定于安全的对象(例如,IPSEC[24])和流量调节器[29]对象。最后,此MIB不支持非IPv4网络(包括IPv6网络)上的隧道。此类隧道的管理可由其他MIB支持。
The SNMP Management Framework presently consists of five major components:
SNMP管理框架目前由五个主要组件组成:
o An overall architecture, described in RFC 2571 [1].
o RFC 2571[1]中描述的总体架构。
o Mechanisms for describing and naming objects and events for the purpose of management. The first version of this Structure of Management Information (SMI) is called SMIv1 and described in STD 16, RFC 1155 [2], STD 16, RFC 1212 [3] and RFC 1215 [4]. The second version, called SMIv2, is described in STD 58, RFC 2578 [5], STD 58, RFC 2579 [6] and STD 58, RFC 2580 [7].
o 为管理目的描述和命名对象和事件的机制。这种管理信息结构(SMI)的第一个版本称为SMIv1,并在STD 16、RFC 1155[2]、STD 16、RFC 1212[3]和RFC 1215[4]中进行了描述。第二个版本称为SMIv2,在STD 58、RFC 2578[5]、STD 58、RFC 2579[6]和STD 58、RFC 2580[7]中进行了描述。
o Message protocols for transferring management information. The first version of the SNMP message protocol is called SNMPv1 and described in STD 15, RFC 1157 [8]. A second version of the SNMP message protocol, which is not an Internet standards track protocol, is called SNMPv2c and described in RFC 1901 [9] and RFC 1906 [10]. The third version of the message protocol is called SNMPv3 and described in RFC 1906 [10], RFC 2572 [11] and RFC 2574 [12].
o 用于传输管理信息的消息协议。SNMP消息协议的第一个版本称为SNMPv1,在STD 15、RFC 1157[8]中进行了描述。SNMP消息协议的第二个版本不是互联网标准跟踪协议,称为SNMPv2c,在RFC 1901[9]和RFC 1906[10]中进行了描述。消息协议的第三个版本称为SNMPv3,在RFC 1906[10]、RFC 2572[11]和RFC 2574[12]中进行了描述。
o Protocol operations for accessing management information. The first set of protocol operations and associated PDU formats is described in STD 15, RFC 1157 [8]. A second set of protocol operations and associated PDU formats is described in RFC 1905 [13].
o 访问管理信息的协议操作。STD 15、RFC 1157[8]中描述了第一组协议操作和相关PDU格式。RFC 1905[13]中描述了第二组协议操作和相关PDU格式。
o A set of fundamental applications described in RFC 2573 [14] and the view-based access control mechanism described in RFC 2575 [15].
o RFC 2573[14]中描述的一组基本应用程序和RFC 2575[15]中描述的基于视图的访问控制机制。
Managed objects are accessed via a virtual information store, termed the Management Information Base or MIB. Objects in the MIB are defined using the mechanisms defined in the SMI.
托管对象通过虚拟信息存储(称为管理信息库或MIB)进行访问。MIB中的对象是使用SMI中定义的机制定义的。
This memo specifies a MIB module that is compliant to the SMIv2. A MIB conforming to the SMIv1 can be produced through the appropriate translations. The resulting translated MIB must be semantically equivalent, except where objects or events are omitted because no translation is possible (use of Counter64). Some machine readable information in SMIv2 will be converted into textual descriptions in SMIv1 during the translation process. However, this loss of machine readable information is not considered to change the semantics of the MIB.
此备忘录指定了符合SMIv2的MIB模块。通过适当的翻译,可以生成符合SMIv1的MIB。生成的已翻译MIB必须在语义上等效,除非由于无法翻译而省略了对象或事件(使用计数器64)。在翻译过程中,SMIv2中的一些机器可读信息将转换为SMIv1中的文本描述。但是,这种机器可读信息的丢失不被认为会改变MIB的语义。
This MIB module contains two tables:
此MIB模块包含两个表:
o the Tunnel Interface Table, containing information on the tunnels known to a router; and
o 隧道接口表,包含路由器已知的隧道信息;和
o the Tunnel Config Table, which can be used for dynamic creation of tunnels, and also provides a mapping from endpoint addresses to the current interface index value.
o 隧道配置表,可用于动态创建隧道,还提供从端点地址到当前接口索引值的映射。
This section clarifies the relationship of this MIB to the Interfaces MIB [23]. Several areas of correlation are addressed in the following subsections. The implementor is referred to the Interfaces MIB document in order to understand the general intent of these areas.
本节阐明了此MIB与接口MIB的关系[23]。以下小节介绍了几个相关领域。实施者参考接口MIB文档,以了解这些领域的总体意图。
Each logical interface (physical or virtual) has an ifEntry in the Interfaces MIB [23]. Tunnels are handled by creating a logical interface (ifEntry) for each tunnel. These are then correlated, using the ifStack table of the Interfaces MIB, to those interfaces on which the local IPv4 addresses of the tunnels are configured. The basic model, therefore, looks something like this (for example):
每个逻辑接口(物理或虚拟)在接口MIB中都有一个ifEntry[23]。通过为每个隧道创建逻辑接口(ifEntry)来处理隧道。然后,使用接口MIB的ifStack表将它们与配置了隧道的本地IPv4地址的接口相关联。因此,基本模型如下所示(例如):
| | | | | |
+--+ +---+ +--+ +---+ | |
|IP-in-IP| | GRE | | |
| tunnel | | tunnel | | |
+--+ +---+ +--+ +---+ | |
| | | | | | <== attachment to underlying
+--+ +---------+ +----------+ +--+ interfaces, to be provided
| Physical interface | by ifStack table
+--------------------------------+
| | | | | |
+--+ +---+ +--+ +---+ | |
|IP-in-IP| | GRE | | |
| tunnel | | tunnel | | |
+--+ +---+ +--+ +---+ | |
| | | | | | <== attachment to underlying
+--+ +---------+ +----------+ +--+ interfaces, to be provided
| Physical interface | by ifStack table
+--------------------------------+
The ifRcvAddressTable usage is defined in the MIBs defining the encapsulation below the network layer. For example, if IP-in-IP encapsulation is being used, the ifRcvAddressTable is defined by IP-in-IP.
ifRcvAddressTable的使用在定义网络层下封装的MIB中定义。例如,如果正在使用IP-in-IP封装,则ifRcvAddressTable由IP-in-IP定义。
IfEntries are defined in the MIBs defining the encapsulation below the network layer. For example, if IP-in-IP encapsulation [20] is being used, the ifEntry is defined by IP-in-IP.
IfEntries在定义网络层下封装的MIB中定义。例如,如果使用IP-in-IP封装[20],则ifEntry由IP-in-IP定义。
The ifType of a tunnel should be set to "tunnel" (131). An entry in the IP Tunnel MIB will exist for every ifEntry with this ifType. An implementation of the IP Tunnel MIB may allow ifEntries to be created via the tunnelConfigTable. Creating a tunnel will also add an entry in the ifTable and in the tunnelIfTable, and deleting a tunnel will likewise delete the entry in the ifTable and the tunnelIfTable.
隧道的ifType应设置为“隧道”(131)。对于具有此ifType的每个ifEntry,IP隧道MIB中将存在一个条目。IP隧道MIB的实现可允许通过隧道配置表创建IFEntry。创建隧道还将在ifTable和tunnelIfTable中添加一个条目,删除隧道同样将删除ifTable和tunnelIfTable中的条目。
The use of two different tables in this MIB was an important design decision. Traditionally, ifIndex values are chosen by agents, and are permitted to change across restarts. Allowing row creation directly in the Tunnel Interface Table, indexed by ifIndex, would complicate row creation and/or cause interoperability problems (if each agent had special restrictions on ifIndex). Instead, a separate table is used which is indexed only by objects over which the manager has control. Namely, these are the addresses of the tunnel endpoints and the encapsulation protocol. Finally, an additional manager-chosen ID is used in the index to support protocols such as L2F which allow multiple tunnels between the same endpoints.
在这个MIB中使用两个不同的表是一个重要的设计决策。传统上,ifIndex值由代理选择,并允许在重新启动时更改。允许直接在隧道接口表中创建行(由ifIndex索引),将使行创建复杂化和/或导致互操作性问题(如果每个代理对ifIndex有特殊限制)。而是使用一个单独的表,该表仅由管理器控制的对象编制索引。即,这些是隧道端点和封装协议的地址。最后,在索引中使用一个额外的管理器选择ID来支持协议,如L2F,该协议允许在相同端点之间使用多个隧道。
TUNNEL-MIB DEFINITIONS ::= BEGIN
TUNNEL-MIB DEFINITIONS ::= BEGIN
IMPORTS MODULE-IDENTITY, OBJECT-TYPE, transmission, Integer32, IpAddress FROM SNMPv2-SMI RowStatus FROM SNMPv2-TC MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF ifIndex, InterfaceIndexOrZero FROM IF-MIB;
从SNMPv2导入模块标识、对象类型、传输、整数32、IP地址,从SNMPv2导入SMI RowStatus,从SNMPv2导入TC模块符合性,从SNMPv2 CONF iIndex导入对象组,从IF-MIB导入InterfaceIndexOrZero;
tunnelMIB MODULE-IDENTITY
LAST-UPDATED "9908241200Z" -- August 24, 1999
ORGANIZATION "IETF Interfaces MIB Working Group"
CONTACT-INFO
" Dave Thaler
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
EMail: dthaler@dthaler.microsoft.com"
DESCRIPTION
"The MIB module for management of IP Tunnels, independent of
the specific encapsulation scheme in use."
REVISION "9908241200Z" -- August 24, 1999
DESCRIPTION
"Initial version, published as RFC 2667."
::= { transmission 131 }
tunnelMIB MODULE-IDENTITY
LAST-UPDATED "9908241200Z" -- August 24, 1999
ORGANIZATION "IETF Interfaces MIB Working Group"
CONTACT-INFO
" Dave Thaler
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
EMail: dthaler@dthaler.microsoft.com"
DESCRIPTION
"The MIB module for management of IP Tunnels, independent of
the specific encapsulation scheme in use."
REVISION "9908241200Z" -- August 24, 1999
DESCRIPTION
"Initial version, published as RFC 2667."
::= { transmission 131 }
tunnelMIBObjects OBJECT IDENTIFIER ::= { tunnelMIB 1 }
tunnelMIBObjects OBJECT IDENTIFIER ::= { tunnelMIB 1 }
tunnel OBJECT IDENTIFIER ::= { tunnelMIBObjects 1 }
tunnel OBJECT IDENTIFIER ::= { tunnelMIBObjects 1 }
-- the IP Tunnel MIB-Group
--
-- a collection of objects providing information about
-- IP Tunnels
-- the IP Tunnel MIB-Group
--
-- a collection of objects providing information about
-- IP Tunnels
tunnelIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on configured
tunnels."
::= { tunnel 1 }
tunnelIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on configured
tunnels."
::= { tunnel 1 }
tunnelIfEntry OBJECT-TYPE SYNTAX TunnelIfEntry
TunnelIntry对象类型语法TunnelIntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular configured tunnel."
INDEX { ifIndex }
::= { tunnelIfTable 1 }
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular configured tunnel."
INDEX { ifIndex }
::= { tunnelIfTable 1 }
TunnelIfEntry ::= SEQUENCE {
tunnelIfLocalAddress IpAddress,
tunnelIfRemoteAddress IpAddress,
tunnelIfEncapsMethod INTEGER,
tunnelIfHopLimit Integer32,
tunnelIfSecurity INTEGER,
tunnelIfTOS Integer32
}
TunnelIfEntry ::= SEQUENCE {
tunnelIfLocalAddress IpAddress,
tunnelIfRemoteAddress IpAddress,
tunnelIfEncapsMethod INTEGER,
tunnelIfHopLimit Integer32,
tunnelIfSecurity INTEGER,
tunnelIfTOS Integer32
}
tunnelIfLocalAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address of the local endpoint of the tunnel (i.e., the
source address used in the outer IP header), or 0.0.0.0 if
unknown."
::= { tunnelIfEntry 1 }
tunnelIfLocalAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address of the local endpoint of the tunnel (i.e., the
source address used in the outer IP header), or 0.0.0.0 if
unknown."
::= { tunnelIfEntry 1 }
tunnelIfRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address of the remote endpoint of the tunnel (i.e., the
destination address used in the outer IP header), or 0.0.0.0
if unknown."
::= { tunnelIfEntry 2 }
tunnelIfRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The address of the remote endpoint of the tunnel (i.e., the
destination address used in the outer IP header), or 0.0.0.0
if unknown."
::= { tunnelIfEntry 2 }
tunnelIfEncapsMethod OBJECT-TYPE
SYNTAX INTEGER {
other(1), -- none of the following
direct(2), -- no intermediate header
gre(3), -- GRE encapsulation
minimal(4), -- Minimal encapsulation
l2tp(5), -- L2TP encapsulation
pptp(6), -- PPTP encapsulation
l2f(7), -- L2F encapsulation
udp(8), -- UDP encapsulation
atmp(9) -- ATMP encapsulation
tunnelIfEncapsMethod OBJECT-TYPE
SYNTAX INTEGER {
other(1), -- none of the following
direct(2), -- no intermediate header
gre(3), -- GRE encapsulation
minimal(4), -- Minimal encapsulation
l2tp(5), -- L2TP encapsulation
pptp(6), -- PPTP encapsulation
l2f(7), -- L2F encapsulation
udp(8), -- UDP encapsulation
atmp(9) -- ATMP encapsulation
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encapsulation method used by the tunnel. The value
direct indicates that the packet is encapsulated directly
within a normal IPv4 header, with no intermediate header,
and unicast to the remote tunnel endpoint (e.g., an RFC 2003
IP-in-IP tunnel, or an RFC 1933 IPv6-in-IPv4 tunnel). The
value minimal indicates that a Minimal Forwarding Header
(RFC 2004) is inserted between the outer header and the
payload packet. The value UDP indicates that the payload
packet is encapsulated within a normal UDP packet (e.g., RFC
1234). The remaining protocol-specific values indicate that
a header of the protocol of that name is inserted between
the outer header and the payload header."
::= { tunnelIfEntry 3 }
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The encapsulation method used by the tunnel. The value
direct indicates that the packet is encapsulated directly
within a normal IPv4 header, with no intermediate header,
and unicast to the remote tunnel endpoint (e.g., an RFC 2003
IP-in-IP tunnel, or an RFC 1933 IPv6-in-IPv4 tunnel). The
value minimal indicates that a Minimal Forwarding Header
(RFC 2004) is inserted between the outer header and the
payload packet. The value UDP indicates that the payload
packet is encapsulated within a normal UDP packet (e.g., RFC
1234). The remaining protocol-specific values indicate that
a header of the protocol of that name is inserted between
the outer header and the payload header."
::= { tunnelIfEntry 3 }
tunnelIfHopLimit OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The TTL to use in the outer IP header. A value of 0
indicates that the value is copied from the payload's
header."
::= { tunnelIfEntry 4 }
tunnelIfHopLimit OBJECT-TYPE
SYNTAX Integer32 (0..255)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The TTL to use in the outer IP header. A value of 0
indicates that the value is copied from the payload's
header."
::= { tunnelIfEntry 4 }
tunnelIfSecurity OBJECT-TYPE
SYNTAX INTEGER {
none(1), -- no security
ipsec(2), -- IPSEC security
other(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The method used by the tunnel to secure the outer IP
header. The value ipsec indicates that IPsec is used
between the tunnel endpoints for authentication or
encryption or both. More specific security-related
information may be available in a MIB for the security
protocol in use."
::= { tunnelIfEntry 5 }
tunnelIfSecurity OBJECT-TYPE
SYNTAX INTEGER {
none(1), -- no security
ipsec(2), -- IPSEC security
other(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The method used by the tunnel to secure the outer IP
header. The value ipsec indicates that IPsec is used
between the tunnel endpoints for authentication or
encryption or both. More specific security-related
information may be available in a MIB for the security
protocol in use."
::= { tunnelIfEntry 5 }
tunnelIfTOS OBJECT-TYPE SYNTAX Integer32 (-2..63) MAX-ACCESS read-write
tunnelIfTOS对象类型语法整数32(-2..63)MAX-ACCESS读写
STATUS current
DESCRIPTION
"The method used to set the high 6 bits of the TOS in the
outer IP header. A value of -1 indicates that the bits are
copied from the payload's header. A value of -2 indicates
that a traffic conditioner is invoked and more information
may be available in a traffic conditioner MIB. A value
between 0 and 63 inclusive indicates that the bit field is
set to the indicated value."
::= { tunnelIfEntry 6 }
STATUS current
DESCRIPTION
"The method used to set the high 6 bits of the TOS in the
outer IP header. A value of -1 indicates that the bits are
copied from the payload's header. A value of -2 indicates
that a traffic conditioner is invoked and more information
may be available in a traffic conditioner MIB. A value
between 0 and 63 inclusive indicates that the bit field is
set to the indicated value."
::= { tunnelIfEntry 6 }
tunnelConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on configured
tunnels. This table can be used to map a set of tunnel
endpoints to the associated ifIndex value. It can also be
used for row creation. Note that every row in the
tunnelIfTable with a fixed destination address should have a
corresponding row in the tunnelConfigTable, regardless of
whether it was created via SNMP."
::= { tunnel 2 }
tunnelConfigTable OBJECT-TYPE
SYNTAX SEQUENCE OF TunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The (conceptual) table containing information on configured
tunnels. This table can be used to map a set of tunnel
endpoints to the associated ifIndex value. It can also be
used for row creation. Note that every row in the
tunnelIfTable with a fixed destination address should have a
corresponding row in the tunnelConfigTable, regardless of
whether it was created via SNMP."
::= { tunnel 2 }
tunnelConfigEntry OBJECT-TYPE
SYNTAX TunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular configured tunnel."
INDEX { tunnelConfigLocalAddress,
tunnelConfigRemoteAddress,
tunnelConfigEncapsMethod,
tunnelConfigID }
::= { tunnelConfigTable 1 }
tunnelConfigEntry OBJECT-TYPE
SYNTAX TunnelConfigEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry (conceptual row) containing the information on a
particular configured tunnel."
INDEX { tunnelConfigLocalAddress,
tunnelConfigRemoteAddress,
tunnelConfigEncapsMethod,
tunnelConfigID }
::= { tunnelConfigTable 1 }
TunnelConfigEntry ::= SEQUENCE {
tunnelConfigLocalAddress IpAddress,
tunnelConfigRemoteAddress IpAddress,
tunnelConfigEncapsMethod INTEGER,
tunnelConfigID Integer32,
tunnelConfigIfIndex InterfaceIndexOrZero,
tunnelConfigStatus RowStatus
}
TunnelConfigEntry ::= SEQUENCE {
tunnelConfigLocalAddress IpAddress,
tunnelConfigRemoteAddress IpAddress,
tunnelConfigEncapsMethod INTEGER,
tunnelConfigID Integer32,
tunnelConfigIfIndex InterfaceIndexOrZero,
tunnelConfigStatus RowStatus
}
tunnelConfigLocalAddress OBJECT-TYPE
tunnelConfigLocalAddress对象类型
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address of the local endpoint of the tunnel, or 0.0.0.0
if the device is free to choose any of its addresses at
tunnel establishment time."
::= { tunnelConfigEntry 1 }
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address of the local endpoint of the tunnel, or 0.0.0.0
if the device is free to choose any of its addresses at
tunnel establishment time."
::= { tunnelConfigEntry 1 }
tunnelConfigRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address of the remote endpoint of the tunnel."
::= { tunnelConfigEntry 2 }
tunnelConfigRemoteAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The address of the remote endpoint of the tunnel."
::= { tunnelConfigEntry 2 }
tunnelConfigEncapsMethod OBJECT-TYPE
SYNTAX INTEGER {
other(1), -- none of the following
direct(2), -- no intermediate header
gre(3), -- GRE encapsulation
minimal(4), -- Minimal encapsulation
l2tp(5), -- L2TP encapsulation
pptp(6), -- PPTP encapsulation
l2f(7), -- L2F encapsulation
udp(8), -- UDP encapsulation
atmp(9)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The encapsulation method used by the tunnel."
::= { tunnelConfigEntry 3 }
tunnelConfigEncapsMethod OBJECT-TYPE
SYNTAX INTEGER {
other(1), -- none of the following
direct(2), -- no intermediate header
gre(3), -- GRE encapsulation
minimal(4), -- Minimal encapsulation
l2tp(5), -- L2TP encapsulation
pptp(6), -- PPTP encapsulation
l2f(7), -- L2F encapsulation
udp(8), -- UDP encapsulation
atmp(9)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The encapsulation method used by the tunnel."
::= { tunnelConfigEntry 3 }
tunnelConfigID OBJECT-TYPE SYNTAX Integer32 (1..2147483647) MAX-ACCESS not-accessible STATUS current DESCRIPTION "An identifier used to distinguish between multiple tunnels of the same encapsulation method, with the same endpoints. If the encapsulation protocol only allows one tunnel per set of endpoint addresses (such as for GRE or IP-in-IP), the value of this object is 1. For encapsulation methods (such as L2F) which allow multiple parallel tunnels, the manager is responsible for choosing any ID which does not conflict with an existing row, such as choosing a random number."
tunnelConfigID对象类型语法Integer32(1..2147483647)MAX-ACCESS不可访问状态当前描述“用于区分具有相同端点的相同封装方法的多个隧道的标识符。如果封装协议仅允许每组端点地址(如GRE或IP中的IP)使用一个隧道,此对象的值为1。对于允许多个并行隧道的封装方法(如L2F),管理器负责选择与现有行不冲突的任何ID,如选择随机数。”
::= { tunnelConfigEntry 4 }
::= { tunnelConfigEntry 4 }
tunnelConfigIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the value of tunnelConfigStatus for this row is active,
then this object contains the value of ifIndex corresponding
to the tunnel interface. A value of 0 is not legal in the
active state, and means that the interface index has not yet
been assigned."
::= { tunnelConfigEntry 5 }
tunnelConfigIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If the value of tunnelConfigStatus for this row is active,
then this object contains the value of ifIndex corresponding
to the tunnel interface. A value of 0 is not legal in the
active state, and means that the interface index has not yet
been assigned."
::= { tunnelConfigEntry 5 }
tunnelConfigStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The status of this row, by which new entries may be created, or old entries deleted from this table. The agent need not support setting this object to createAndWait or notInService since there are no other writable objects in this table, and writable objects in rows of corresponding tables such as the tunnelIfTable may be modified while this row is active.
tunnelConfigStatus对象类型语法RowStatus MAX-ACCESS读取创建状态当前描述此行的状态,通过该状态可以创建新条目,或从此表中删除旧条目。代理不需要支持将此对象设置为createAndWait或notInService,因为此表中没有其他可写对象,并且可以在该行处于活动状态时修改相应表(如tunnelIfTable)行中的可写对象。
To create a row in this table for an encapsulation method which does not support multiple parallel tunnels with the same endpoints, the management station should simply use a tunnelConfigID of 1, and set tunnelConfigStatus to createAndGo. For encapsulation methods such as L2F which allow multiple parallel tunnels, the management station may select a pseudo-random number to use as the tunnelConfigID and set tunnelConfigStatus to createAndGo. In the event that this ID is already in use and an inconsistentValue is returned in response to the set operation, the management station should simply select a new pseudo-random number and retry the operation.
要在此表中为不支持具有相同端点的多个并行隧道的封装方法创建一行,管理站只需使用tunnelConfigID为1,并将tunnelConfigStatus设置为createAndGo。对于允许多个并行隧道的封装方法(如L2F),管理站可以选择一个伪随机数作为tunnelConfigID,并将tunnelConfigStatus设置为createAndGo。如果此ID已在使用,并且响应set操作返回了不一致的值,则管理站只需选择一个新的伪随机数,然后重试该操作。
Creating a row in this table will cause an interface index to be assigned by the agent in an implementation-dependent manner, and corresponding rows will be instantiated in the ifTable and the tunnelIfTable. The status of this row will become active as soon as the agent assigns the interface index, regardless of whether the interface is operationally up.
在此表中创建一行将导致代理以依赖于实现的方式分配接口索引,相应的行将在ifTable和tunnelIfTable中实例化。代理分配接口索引后,该行的状态将立即变为活动状态,而不管接口是否处于运行状态。
Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the tunnelIfTable."
::= { tunnelConfigEntry 6 }
Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the tunnelIfTable."
::= { tunnelConfigEntry 6 }
-- conformance information
--一致性信息
tunnelMIBConformance
OBJECT IDENTIFIER ::= { tunnelMIB 2 }
tunnelMIBCompliances
OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 }
tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 }
tunnelMIBConformance
OBJECT IDENTIFIER ::= { tunnelMIB 2 }
tunnelMIBCompliances
OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 }
tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 }
-- compliance statements
--合规声明
tunnelMIBCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the IP Tunnel MIB." MODULE -- this module MANDATORY-GROUPS { tunnelMIBBasicGroup }
tunnelMIBCompliance MODULE-COMPLIANCE状态当前描述“IP隧道MIB的符合性声明”。模块--此模块为必填项-GROUPS{tunnelMIBBasicGroup}
OBJECT tunnelIfHopLimit MIN-ACCESS read-only DESCRIPTION "Write access is not required."
对象tunnelIfHopLimit最小访问只读描述“不需要写访问。”
OBJECT tunnelIfTOS MIN-ACCESS read-only DESCRIPTION "Write access is not required."
对象隧道LIFTOS最小访问只读描述“不需要写入访问。”
OBJECT tunnelConfigStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { tunnelMIBCompliances 1 }
OBJECT tunnelConfigStatus
MIN-ACCESS read-only
DESCRIPTION
"Write access is not required."
::= { tunnelMIBCompliances 1 }
-- units of conformance
--一致性单位
tunnelMIBBasicGroup OBJECT-GROUP
OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress,
tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS,
tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus }
STATUS current
DESCRIPTION
"A collection of objects to support basic management of IP
Tunnels."
::= { tunnelMIBGroups 1 }
tunnelMIBBasicGroup OBJECT-GROUP
OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress,
tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS,
tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus }
STATUS current
DESCRIPTION
"A collection of objects to support basic management of IP
Tunnels."
::= { tunnelMIBGroups 1 }
END
终止
This MIB contains readable objects whose values provide information related to IP tunnel interfaces. There are also a number of objects that have a MAX-ACCESS clause of read-write and/or read-create, such as those which allow an administrator to dynamically configure tunnels.
此MIB包含可读对象,其值提供与IP隧道接口相关的信息。还有许多对象具有读写和/或读创建的MAX-ACCESS子句,例如允许管理员动态配置隧道的对象。
While unauthorized access to the readable objects is relatively innocuous, unauthorized access to the write-able objects could cause a denial of service, or could cause unauthorized creation and/or manipulation of tunnels. Hence, the support for SET operations in a non-secure environment without proper protection can have a negative effect on network operations.
尽管对可读对象的未授权访问相对无害,但对可写对象的未授权访问可能导致拒绝服务,或者可能导致未经授权创建和/或操纵隧道。因此,在没有适当保护的非安全环境中支持SET操作可能会对网络操作产生负面影响。
SNMPv1 by itself is such an insecure environment. Even if the network itself is secure (for example by using IPSec [24]), even then, there is no control as to who on the secure network is allowed to access and SET (change/create/delete) the objects in this MIB.
SNMPv1本身就是这样一个不安全的环境。即使网络本身是安全的(例如通过使用IPSec[24]),即使如此,也无法控制安全网络上的谁可以访问和设置(更改/创建/删除)此MIB中的对象。
It is recommended that the implementers consider the security features as provided by the SNMPv3 framework. Specifically, the use of the User-based Security Model RFC 2574 [12] and the View-based Access Control Model RFC 2575 [15] is recommended.
建议实施者考虑SNMPv3框架提供的安全特性。具体而言,建议使用基于用户的安全模型RFC 2574[12]和基于视图的访问控制模型RFC 2575[15]。
It is then a customer/user responsibility to ensure that the SNMP entity giving access to this MIB, is properly configured to give access to those objects only to those principals (users) that have legitimate rights to access them.
然后,客户/用户有责任确保授予此MIB访问权限的SNMP实体正确配置为仅授予具有合法访问权限的主体(用户)访问这些对象的权限。
This MIB module was updated based on feedback from the IETF's Interfaces MIB (IF-MIB) and Point-to-Point Protocol Extensions (PPPEXT) Working Groups.
该MIB模块根据IETF接口MIB(IF-MIB)和点对点协议扩展(PPPEXT)工作组的反馈进行更新。
Dave Thaler Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399
Dave Thaler微软公司华盛顿州雷德蒙微软大道一号98052-6399
Phone: +1 425 703 8835
EMail: dthaler@microsoft.com
Phone: +1 425 703 8835
EMail: dthaler@microsoft.com
[1] Wijnen, B., Harrington, D. and R. Presuhn, "An Architecture for Describing SNMP Management Frameworks", RFC 2571, April 1999.
[1] Wijnen,B.,Harrington,D.和R.Presuhn,“描述SNMP管理框架的体系结构”,RFC 2571,1999年4月。
[2] Rose, M. and K. McCloghrie, "Structure and Identification of Management Information for TCP/IP-based Internets", STD 16, RFC 1155, May 1990.
[2] Rose,M.和K.McCloghrie,“基于TCP/IP的互联网管理信息的结构和识别”,STD 16,RFC 1155,1990年5月。
[3] Rose, M. and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC 1212, March 1991.
[3] Rose,M.和K.McCloghrie,“简明MIB定义”,STD 16,RFC 1212,1991年3月。
[4] Rose, M., "A Convention for Defining Traps for use with the SNMP", RFC 1215, March 1991.
[4] Rose,M.“定义用于SNMP的陷阱的约定”,RFC1215,1991年3月。
[5] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Structure of Management Information Version 2 (SMIv2)", STD 58, RFC 2578, April 1999.
[5] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“管理信息的结构版本2(SMIv2)”,STD 58,RFC 2578,1999年4月。
[6] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Textual Conventions for SMIv2", STD 58, RFC 2579, April 1999.
[6] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“SMIv2的文本约定”,STD 58,RFC 2579,1999年4月。
[7] McCloghrie, K., Perkins, D. and J. Schoenwaelder, "Conformance Statements for SMIv2", STD 58, RFC 2580, April 1999.
[7] McCloghrie,K.,Perkins,D.和J.Schoenwaeld,“SMIv2的一致性声明”,STD 58,RFC 25801999年4月。
[8] Case, J., Fedor, M., Schoffstall, M. and J. Davin, "Simple Network Management Protocol", STD 15, RFC 1157, May 1990.
[8] Case,J.,Fedor,M.,Schoffstall,M.和J.Davin,“简单网络管理协议”,STD 15,RFC 1157,1990年5月。
[9] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Introduction to Community-based SNMPv2", RFC 1901, January 1996.
[9] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“基于社区的SNMPv2简介”,RFC 19011996年1月。
[10] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1906, January 1996.
[10] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“简单网络管理协议(SNMPv2)版本2的传输映射”,RFC 1906,1996年1月。
[11] Case, J., Harrington D., Presuhn R. and B. Wijnen, "Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)", RFC 2572, April 1999.
[11] Case,J.,Harrington D.,Presohn R.和B.Wijnen,“简单网络管理协议(SNMP)的消息处理和调度”,RFC 2572,1999年4月。
[12] Blumenthal, U. and B. Wijnen, "User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)", RFC 2574, April 1999.
[12] Blumenthal,U.和B.Wijnen,“简单网络管理协议(SNMPv3)第3版的基于用户的安全模型(USM)”,RFC 2574,1999年4月。
[13] Case, J., McCloghrie, K., Rose, M. and S. Waldbusser, "Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)", RFC 1905, January 1996.
[13] Case,J.,McCloghrie,K.,Rose,M.和S.Waldbusser,“简单网络管理协议(SNMPv2)版本2的协议操作”,RFC 1905,1996年1月。
[14] Levi, D., Meyer, P. and B. Stewart, "SNMPv3 Applications", RFC 2573, April 1999.
[14] Levi,D.,Meyer,P.和B.Stewart,“SNMPv3应用”,RFC2573,1999年4月。
[15] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)", RFC 2575, April 1999.
[15] Wijnen,B.,Presuhn,R.和K.McCloghrie,“用于简单网络管理协议(SNMP)的基于视图的访问控制模型(VACM)”,RFC2575,1999年4月。
[16] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 1701, October 1994.
[16] Hanks,S.,Li,T.,Farinaci,D.和P.Traina,“通用路由封装(GRE)”,RFC 17011994年10月。
[17] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation over IPv4 networks", RFC 1702, October 1994.
[17] Hanks,S.,Li,T.,Farinaci,D.和P.Traina,“IPv4网络上的通用路由封装”,RFC 1702,1994年10月。
[18] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.
[18] Perkins,C.,“IP内的IP封装”,RFC 2003,1996年10月。
[19] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October 1996.
[19] Perkins,C.,“IP内的最小封装”,RFC 2004,1996年10月。
[20] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G. and B. Palter, "Layer Two Tunneling Protocol "L2TP"", RFC 2661, August 1999.
[20] 汤斯利,W.,巴伦西亚,A.,鲁本斯,A.,帕尔,G.,佐恩,G.和B.帕尔特,“第二层隧道协议“L2TP”,RFC 26611999年8月。
[21] Hamzeh, K., Pall, G., Verthein, W. Taarud, J., Little, W. and G. Zorn, "Point-to-Point Tunneling Protocol", RFC 2637, July 1999.
[21] Hamzeh,K.,Pall,G.,Verthein,W.Taarud,J.,Little,W.和G.Zorn,“点对点隧道协议”,RFC 2637,1999年7月。
[22] Hamzeh, K., "Ascend Tunnel Management Protocol - ATMP", RFC 2107, February 1997.
[22] Hamzeh,K.,“上升隧道管理协议-ATMP”,RFC 2107,1997年2月。
[23] McCloghrie, K. and F. Kastenholz. "The Interfaces Group MIB using SMIv2", RFC 2233, November 1997.
[23] McCloghrie,K.和F.Kastenholz。“使用SMIv2的接口组MIB”,RFC 2233,1997年11月。
[24] R. Atkinson, "Security architecture for the internet protocol", RFC 2401, November 1998.
[24] R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。
[25] Valencia, A., Littlewood, M. and T. Kolar. "Cisco Layer Two Forwarding (Protocol) "L2F"", RFC 2341, May 1998.
[25] 瓦伦西亚,A.,利特尔伍德,M.和T.科拉尔。“Cisco第二层转发(协议)”L2F“,RFC 23411998年5月。
[26] D. Provan, "Tunneling IPX Traffic through IP Networks", RFC 1234, June 1991.
[26] D.Provan,“通过IP网络传输IPX流量”,RFC 1234,1991年6月。
[27] Gilligan, R. and E. Nordmark. "Transition Mechanisms for IPv6 Hosts and Routers", RFC 1933, April 1996.
[27] 吉利根,R.和E.诺德马克。“IPv6主机和路由器的过渡机制”,RFC 1933,1996年4月。
[28] Woodburn, R. and D. Mills, "A Scheme for an Internet Encapsulation Protocol: Version 1", RFC 1241, July 1991.
[28] Woodburn,R.和D.Mills,“互联网封装协议的方案:版本1”,RFC 12411991年7月。
[29] Nichols, K., Blake, S., Baker, F. and D. Black. "Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers", RFC 2474, December 1998.
[29] 尼克斯,K.,布莱克,S.,贝克,F.和D.布莱克。“IPv4和IPv6标头中区分服务字段(DS字段)的定义”,RFC 2474,1998年12月。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF Secretariat."
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。”
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
Copyright (C) The Internet Society (1999). All Rights Reserved.
版权所有(C)互联网协会(1999年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。