Re: [BEHAVE] Benoit Claise's Discuss on draft-perrault-behave-deprecate-nat-mib-v1-01: (with DISCUSS and COMMENT)
Benoit Claise <bclaise@cisco.com> Mon, 08 June 2015 19:18 UTC
Return-Path: <bclaise@cisco.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7C211B3238; Mon, 8 Jun 2015 12:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kWVprOcqIHiB; Mon, 8 Jun 2015 12:18:54 -0700 (PDT)
Received: from aer-iport-3.cisco.com (aer-iport-3.cisco.com [173.38.203.53]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C6371B31F5; Mon, 8 Jun 2015 12:18:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12346; q=dns/txt; s=iport; t=1433791133; x=1435000733; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=mkmBes3307rl7YIfKj8gPe5/60GqXIAuFuJNaLVYM1A=; b=ZG8E/UFDkwJTiO9I25g4dlQm8Hj0lhljZdy69BmUr/IOtHp/cYTs/yvx 14mybFtN4TgVeLZzPz8KzgobdoEh/igBXpG2Kkgs4lFwVnpPf6DO6jp1u ZuuTQYDYE/I0rbbCJRxJG4NFNielN5q7r1s131v1/9aLLeiuaEGI63Lw5 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0DXAwBU6XVV/xbLJq1ZA4NkXr51CYFTDIUtSgKBYxQBAQEBAQEBgQqEIgEBAQQBAQE1NAIEBgEMBAsRBAEBCgwKBAQHCQMCAQIBDwYfCQgGAQwBBQIBARCIBAMSDcg4CAWFKgEBAQEBAQEBAQEBAQEBAQEBAQEBARMEi0OCTYFVAREBQRAHBgQHhBwBBIZuhHOEcIcdhQqBYIEvg3qCXoEOhz6DMYNZJGGBLRcVgT88MQGBC4E7AQEB
X-IronPort-AV: E=Sophos;i="5.13,574,1427760000"; d="scan'208";a="511354671"
Received: from aer-iport-nat.cisco.com (HELO aer-core-1.cisco.com) ([173.38.203.22]) by aer-iport-3.cisco.com with ESMTP; 08 Jun 2015 19:18:49 +0000
Received: from [10.60.67.85] (ams-bclaise-8914.cisco.com [10.60.67.85]) by aer-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id t58JInGu013439; Mon, 8 Jun 2015 19:18:49 GMT
Message-ID: <5575EA98.1080009@cisco.com>
Date: Mon, 08 Jun 2015 21:18:48 +0200
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: ietfdbh <ietfdbh@comcast.net>, 'The IESG' <iesg@ietf.org>
References: <20150608134117.30091.62236.idtracker@ietfa.amsl.com> <001501d0a20e$b31c90e0$1955b2a0$@comcast.net>
In-Reply-To: <001501d0a20e$b31c90e0$1955b2a0$@comcast.net>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/behave/ocltgvZXYDgIee198nPzHaPJliI>
Cc: simon.perreault@viagenie.ca, behave@ietf.org, tina.tsou.zouting@huawei.com, jouni.nospam@gmail.com, 'Spencer Dawkins' <spencerdawkins.ietf@gmail.com>, tom.taylor.stds@gmail.com
Subject: Re: [BEHAVE] Benoit Claise's Discuss on draft-perrault-behave-deprecate-nat-mib-v1-01: (with DISCUSS and COMMENT)
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave/>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2015 19:18:57 -0000
Thanks Dave for the background information. From this, I draw two conclusions: - RFC 4008 not implementated. Taking into account the MIB doctor discussion about the deprecated versus obsolete Textual Conventions, I removed the TC point from my DISCUSS (done already +/- 4 hours ago, so you should have received an updated DISCUSS. - you convinced me that the reference doesn't have to be normative. Thanks, Benoit > Hi, > > Some historical connect: > > The NAT-MIB was designed largely to be a NAT configuration MIB, back when it > was hoped the security features of snmpv3 would make configuration using > snmp more tenable. > In reality, the complexity of snmpv3 security, and the continuation of snmp > being listed as a top-ten vulnerability, discouraged people from moving to > it quickly, and the other difficulties of snmp led to Netconf being started, > and SNMP being identified a reasonable choice for monitoring, but not > configuration. > So the nat-mib was overtaken by events related to IETF management protocols. > > RFC4008 was treated as an individual submission after the NAT WG closed, and > it was reviewed by the MIDCOM WG. > The IESG questioned whether NAT-MIB should be an IETF standard, because the > official IETF stance at the time of IESG review was "NATs are bad; use > IPv6". > See comments for RFC4008. > So RFC4008 never had strong support from the IETF community. > > Other technologies for working with NATs, such as STUN and TURN and ICE, > were already gaining traction by the time the nat-mib was approved. > I think Jon Peterson was one of the transport ADs at the time, and working > for a service provider that used NATs. > I recall him saying when the mib module was approved that he was glad the > MIB work was finally completed so the community could focus on USEFUL > approaches to nats and stop dealing with the NAT-MIB module. > So the NAT-MIB was overtaken by NAT-related events even before its approval. > > NATs have had so many varieties, the behave WG was created to try to get all > the various NAT approaches to work together better. > The configuration approach of the nat-mib only addressed a subset of > available NATs. > So the nat-mib never got much implementation support, and the behave WG > checked and found few implementations. > > Re: normative > > I think this module can be deprecated without any reference to natv2. > I think having a reference to natv2 is useful (and informational). > I believe this relationship is not normative because the nat-mib can be > implemented without implementing natv2-mib. > The nat-mib can likewise be deprecated without implementing the natv2-mib. > > David Harrington > ietfdbh@comcast.net > +1-603-828-1401 > >> -----Original Message----- >> From: Behave [mailto:behave-bounces@ietf.org] On Behalf Of Benoit Claise >> Sent: Monday, June 08, 2015 9:41 AM >> To: The IESG >> Cc: simon.perreault@viagenie.ca; behave@ietf.org; >> tina.tsou.zouting@huawei.com; jouni.nospam@gmail.com; Spencer >> Dawkins; tom.taylor.stds@gmail.com >> Subject: [BEHAVE] Benoit Claise's Discuss on draft-perrault-behave- >> deprecate-nat-mib-v1-01: (with DISCUSS and COMMENT) >> >> Benoit Claise has entered the following ballot position for >> draft-perrault-behave-deprecate-nat-mib-v1-01: Discuss >> >> When responding, please keep the subject line intact and reply to all >> email addresses included in the To and CC lines. (Feel free to cut this >> introductory paragraph, however.) >> >> >> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html >> for more information about IESG DISCUSS and COMMENT positions. >> >> >> The document, along with other ballot positions, can be found here: >> https://datatracker.ietf.org/doc/draft-perrault-behave-deprecate-nat-mib- >> v1/ >> >> >> >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> This ballot is based on version 1 (I understand that v2 is on its way, >> waiting for the secretariat to post) >> >> - Before deprecating the following textual conventions, have you checked >> that they are not used in any MIB modules? >> >> NatProtocolType ::= TEXTUAL-CONVENTION >> STATUS deprecated >> DESCRIPTION >> "A list of protocols that support the network >> address translation. Inclusion of the values is >> not intended to imply that those protocols >> need to be supported. Any change in this >> TEXTUAL-CONVENTION should also be reflected in >> the definition of NatProtocolMap, which is a >> BITS representation of this." >> SYNTAX INTEGER { >> none (1), -- not specified >> other (2), -- none of the following >> icmp (3), >> udp (4), >> tcp (5) >> } >> >> NatProtocolMap ::= TEXTUAL-CONVENTION >> STATUS deprecated >> DESCRIPTION >> "A bitmap of protocol identifiers that support >> the network address translation. Any change >> in this TEXTUAL-CONVENTION should also be >> reflected in the definition of NatProtocolType." >> SYNTAX BITS { >> other (0), >> icmp (1), >> udp (2), >> tcp (3) >> } >> >> NatAddrMapId ::= TEXTUAL-CONVENTION >> DISPLAY-HINT "d" >> STATUS deprecated >> DESCRIPTION >> "A unique id that is assigned to each address map >> by a NAT enabled device." >> SYNTAX Unsigned32 (1..4294967295) >> >> NatBindIdOrZero ::= TEXTUAL-CONVENTION >> DISPLAY-HINT "d" >> STATUS deprecated >> DESCRIPTION >> "A unique id that is assigned to each bind by >> a NAT enabled device. The bind id will be zero >> in the case of a Symmetric NAT." >> SYNTAX Unsigned32 (0..4294967295) >> >> NatBindId ::= TEXTUAL-CONVENTION >> DISPLAY-HINT "d" >> STATUS deprecated >> DESCRIPTION >> "A unique id that is assigned to each bind by >> a NAT enabled device." >> SYNTAX Unsigned32 (1..4294967295) >> >> NatSessionId ::= TEXTUAL-CONVENTION >> DISPLAY-HINT "d" >> STATUS deprecated >> DESCRIPTION >> "A unique id that is assigned to each session by >> a NAT enabled device." >> SYNTAX Unsigned32 (1..4294967295) >> >> NatBindMode ::= TEXTUAL-CONVENTION >> STATUS deprecated >> DESCRIPTION >> "An indication of whether the bind is >> an address bind or an address port bind." >> SYNTAX INTEGER { >> addressBind (1), >> addressPortBind (2) >> } >> >> NatAssociationType ::= TEXTUAL-CONVENTION >> STATUS deprecated >> DESCRIPTION >> "An indication of whether the association is >> static or dynamic." >> SYNTAX INTEGER { >> static (1), >> dynamic (2) >> } >> >> NatTranslationEntity ::= TEXTUAL-CONVENTION >> STATUS deprecated >> DESCRIPTION >> "An indication of a) the direction of a session for >> which an address map entry, address bind or port >> bind is applicable, and b) the entity (source or >> destination) within the session that is subject to >> translation." >> SYNTAX BITS { >> inboundSrcEndPoint (0), >> outboundDstEndPoint(1), >> inboundDstEndPoint (2), >> outboundSrcEndPoint(3) >> } >> >> This is currently in discussion with the MIB doctors (draft authors are >> copied) >> At the very minimum, a note in an "operations considerations" section, >> explaining the implications of removing TCs, is required >> >> - This point above is in line with Jouni's feedback. >> * There is also no text about operational and management implications >> related to deprecation process of the old MIB and migrating to the >> new (to be approved) NAT-MIB-v2). >> >> - Let me check something. >> As noted by Jouni in his OPS-DIR review, >> >> The smilint reports the following warnings: >> >> * mibs/NAT-MIB:15: [5] {import-unused} warning: identifier >> `DisplayString' imported from module `SNMPv2-TC' is never used >> * mibs/NAT-MIB:27: [5] {import-unused} warning: identifier >> `InterfaceIndex' imported from module `IF-MIB' is never used >> * mibs/NAT-MIB:33: [5] {import-unused} warning: identifier >> `InetAddressPrefixLength' imported from module `INET-ADDRESS-MIB' is >> never used >> * mibs/NAT-MIB:36: [5] {import-unused} warning: identifier >> `VPNIdOrZero' imported from module `VPN-TC-STD-MIB' is never used >> >> My first reaction: it's normal because some objects are now deprecated >> (so not used any longer). >> After some analysis ... When comparing the imports lines from RFC4008 and >> the ones from this draft, those 4 lines magically appeared in this draft. >> Why? >> This asks the question: have you actually started your work from the MIB >> module extracted from RFC4008? >> >> I started to file a DISCUSS on that very point. However, I was so >> bothered by this difference that I actually compared the MIB modules >> extracted from this draft and from RFC4008. >> I see two occurences of this change: InetAddress (SIZE (4|16) versus >> InetAddress >> Why? >> >> Also, I wanted to check this condition in RFC4181: >> >> - On the other hand, the module name MUST NOT be changed (except to >> correct typographical errors), existing definitions (even obsolete >> ones) MUST NOT be removed from the MIB module, and descriptors and >> OBJECT IDENTIFIER values associated with existing definitions MUST >> NOT be changed or re-assigned. >> >> A word expressing that all RFC 4008 MIB objects are included in this >> version, but with only the STATUS changed to deprecated would be helpful. >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> - A point mentioned by Jouni that might be elevated to a DISCUSS (I let >> the security ADs decide): >> * The Security Considerations does not really discuss the security >> implications of the _deprecation_ itself e.g. there is going to be >> boxes out there that use the old MIB and others that use the new >> (to be approved) MIB and what that mixed environment might entail. >> There is some text that is getting to that direction (SNMPv2 and >> SNMPv3 security differences). >> >> * Since the new MIB is kind of requirement for replacing this old >> to be deprecated MIB, I would assume the draft-ietf-behave-nat-mib-v2 >> to be a _normative_ reference in this document. >> >> EDITORIAL >> >> * change the copyright date to 2015 >> >> * Unused Reference: 'RFC4787' is defined, but no reference was found >> in the text. >> >> * SNMP acronym is the first time used in Section 1 unexpaned. The >> acronym is expanded later in Section 2. Expand it already in >> Section 1. >> >> >> _______________________________________________ >> Behave mailing list >> Behave@ietf.org >> https://www.ietf.org/mailman/listinfo/behave > . >
- [BEHAVE] Benoit Claise's Discuss on draft-perraul… Benoit Claise
- [BEHAVE] Benoit Claise's Discuss on draft-perraul… Benoit Claise
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… ietfdbh
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Benoit Claise
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Benoit Claise
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Spencer Dawkins at IETF
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Benoit Claise
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Spencer Dawkins at IETF
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Benoit Claise
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Spencer Dawkins at IETF
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Spencer Dawkins at IETF
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… ietfdbh
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… ietfdbh
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Tom Taylor
- Re: [BEHAVE] Benoit Claise's Discuss on draft-per… Spencer Dawkins at IETF