RE: IPsecMIB

Tim Jenkins <TJenkins@CatenaNet.com> Mon, 17 April 2000 21:18 UTC

Message-ID: <310508EDF557D31188FA0050DA0A37522CC155@CAT01S2>
From: Tim Jenkins <TJenkins@CatenaNet.com>
To: 'S Ramakrishnan' <rks@cisco.com>, ipsec@lists.tislabs.com, Leo Temoshenko <leot@tivoli.com>
Subject: RE: IPsecMIB
Date: Mon, 17 Apr 2000 16:26:33 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-ipsec@lists.tislabs.com
Precedence: bulk

[I've removed l2tp from the response; feel free to add it back if
necessary...]

Here are my original comments on the first release of the flow monitoring
MIB. See the last full paragraph. Ted was the only one who responded to this
mail, other than some agreement that we need an application specific MIB.

==>

To: ipsec@lists.tislabs.com 
Subject: RE: I-D ACTION:draft-ietf-ipsec-flow-monitoring-mib-00.txt 
From: Tim Jenkins <tjenkins@TimeStep.com> 
Date: Thu, 25 Nov 1999 15:03:01 -0500 
Sender: owner-ipsec@lists.tislabs.com 

----------------------------------------------------------------------------
----

I have a number of concerns about this document, right from the process
level down to the detailed.

First, there was concern that the WG should even be doing an application
specific MIB for IPsec. I believe there was a vote, but unfortunately, I
can't remember the exact question that Ted asked, but I believe there was no
clear consensus on whatever it was.

Therefore, before I make further comments on this document, I'd like to
re-open the question (Ted, stop me if I shouldn't be doing this).

Should the WG be developing a VPN/Remote Access application-specific MIB for
IPsec? (I choose VPN/remote access since they seem to be the primary
applications for IPsec and they're the primary focus of this document, and
also of the one I presented over a year ago.)

If so, then we need to decide on the features and requirements. I believe
this document at a high level is a good start, but I also believe it is
missing some things that will make it useful for both VPN and remote access.

Then, if the WG is to proceed, I'd like to ask the authors of this document
to consider adapting this document to use the textual conventions, IPsec,
ISAKMP and IKE monitoring MIBs already in development, in addition to
modifying it to add any features the WG thinks are missing.

Comments?

Tim

---
Tim Jenkins                       TimeStep Corporation
tjenkins@timestep.com          http://www.timestep.com
(613) 599-3610 x4304               Fax: (613) 599-3617

<==

I also spoke publicly about this when it was first presented at an IETF.

> -----Original Message-----
> From: S Ramakrishnan [mailto:rks@cisco.com]
> Sent: Monday, April 17, 2000 4:00 PM
> To: l2tp@ipsec.org; ipsec@lists.tislabs.com; Tim Jenkins; Leo 
> Temoshenko
> Subject: Re: IPsecMIB
> 
> 
> Hi -
> 
>      From: Tim Jenkins
>      Sent: Monday, April 17, 2000 5:54 AM
> 
>     >Textual Conventions:
> <http://search.ietf.org/internet-drafts/draft-ietf-ipsec-doi-t
c-mib-02.txt>
   >IPsec Monitoring:
<http://search.ietf.org/internet-drafts/draft-ietf-ipsec-monitor-mib-02.txt>
   >ISAKMP DOI-ind. Monitoring:
<http://search.ietf.org/internet-drafts/draft-ietf-ipsec-isakmp-di-mon-mib-0
1.txt>
   >IKE Monitoring:
<http://search.ietf.org/internet-drafts/draft-ietf-ipsec-ike-monitor-mib-00.
txt>

   >The authors of the MIB referred to below were asked if they
   >were interested in modifying it to use the base MIBs listed above;
   >I don't recall there being any response to that.

I do not recall a discussion to this effect in this list.
Perhaps I missed it. What specific changes would
you suggest?

We have included the TCs proposed in
draft-ietf-ipsec-doi-tc-mib-02.txt.

Thanks,

Rk

IPsecMIB Ruchir
RE: IPsecMIB Tim Jenkins
Re: IPsecMIB S Ramakrishnan
RE: IPsecMIB Tim Jenkins