RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt
"Harrington, David" <dbh@enterasys.com> Fri, 14 May 2004 16:32 UTC
Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA02138 for <midcom-archive@odin.ietf.org>; Fri, 14 May 2004 12:32:07 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BOfXN-0003bV-SN for midcom-archive@odin.ietf.org; Fri, 14 May 2004 12:27:56 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4EGRr9E013854 for midcom-archive@odin.ietf.org; Fri, 14 May 2004 12:27:53 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BOfRg-0000AL-HA; Fri, 14 May 2004 12:22:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BOf8Y-00078y-Nl for midcom@optimus.ietf.org; Fri, 14 May 2004 12:02:19 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA29274 for <midcom@ietf.org>; Fri, 14 May 2004 12:02:11 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BOf8X-0004A1-BT for midcom@ietf.org; Fri, 14 May 2004 12:02:13 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BOf7U-0003gd-00 for midcom@ietf.org; Fri, 14 May 2004 12:01:09 -0400
Received: from gtfw2.enterasys.com ([12.25.1.128] ident=firewall-user) by ietf-mx with esmtp (Exim 4.12) id 1BOf76-0003DY-00 for midcom@ietf.org; Fri, 14 May 2004 12:00:47 -0400
Received: from NHROCAVG2.ets.enterasys.com (nhrocavg2.enterasys.com [134.141.79.124]) by gtfw2.enterasys.com (0.25.1/8.12.6) with ESMTP id i4EG0hTm004803 for <midcom@ietf.org>; Fri, 14 May 2004 12:00:43 -0400 (EDT)
Received: from NHROCCNC2.ets.enterasys.com ([134.141.79.124]) by 134.141.79.124 with InterScan Messaging Security Suite; Fri, 14 May 2004 12:00:43 -0400
Received: from source ([134.141.79.122]) by host ([134.141.79.124]) with SMTP; Fri, 14 May 2004 12:00:43 -0400
Received: from nhrocmbx1 ([134.141.79.104]) by NHROCCNC2.ets.enterasys.com with Microsoft SMTPSVC(5.0.2195.6713); Fri, 14 May 2004 12:00:43 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt
Date: Fri, 14 May 2004 12:00:36 -0400
Message-ID: <6D745637A7E0F94DA070743C55CDA9BA01AC34D9@NHROCMBX1.ets.enterasys.com>
Thread-Topic: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt
Thread-Index: AcQ4lTqQnF1W6JzSQUK3ugkwpfXgpABM1efw
From: "Harrington, David" <dbh@enterasys.com>
To: Chris@sip1.com, Melinda Shore <mshore@cisco.com>, midcom@ietf.org
X-OriginalArrivalTime: 14 May 2004 16:00:43.0298 (UTC) FILETIME=[9C61C020:01C439CC]
X-pstn-version: pmps:sps_win32_1_1_0c1 pase:2.5
X-pstn-levels: (C:96.5164 P:95.5390 R:95.9108 S:51.8425 )
X-pstn-settings: 4 (0.2500:0.2500) p:13 m:13 c:14 r:13
X-pstn-addresses: from <dbh@enterasys.com> forward (org good)
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: quoted-printable
Sender: midcom-admin@ietf.org
Errors-To: midcom-admin@ietf.org
X-BeenThere: midcom@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=unsubscribe>
List-Id: <midcom.ietf.org>
List-Post: <mailto:midcom@ietf.org>
List-Help: <mailto:midcom-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/midcom>, <mailto:midcom-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Hi, SNMPv3 was designed to handle circumstances like devices behind a NAT. The engineID concept separates the engine identity from its address. Multiple engines can exist at the same address (the view from the public side of a NAT) and each will have a different engineID. (The engineID also helps in the router situation where multiple unique interfaces share an SNMP agent; if the data sets originate from the same engineID, they can be recognized as being the same SNMP engine, even though their addresses are different). An SNMPv3 message contains two engineIDs - one to identify the "next-hop" snmp engine, and one to identify the originator of the data contained in the PDU. The proxy capability allows a proxy-capable engine to forward SNMP packets to different pre-configured contextEngineIDs and their associated addresses. The one place where SNMPv3 cannot easily solve the NAT problem is in the traditional approach to engine discovery. A discovery performed from the public side of a NAT won't work because the messages cannot be uniquely addressed to the managed entities within the NAT without scoping it through the public NAT address. A middlebox solution might be a viable approach. Recognize that configuring SNMPv3 proxies has a key distribution issue to be aware of. The public-to-NAT messaging requires shared SNMPv3 keys, and the NAT-to-private messaging will require SNMPv3 keys. A middlebox solution probably should not try to distribute shared keys that don't already exist in the NAT box, but should enable/disable SNMPv3 proxy forwarding as needed, given pre-shared security principals (users) and keys. The design of the SNMPv3 proxy application (RFC3417) supports this separation of the security credentials (the TargetParams table) and the addresses (TargetAddrTable), so a middlebox might be able to configure where SNMP packets should be forwarded without being allowed to know the security credentials necessary to do the forwarding. David Harrington dbh@enterasys.com co-chair, IETF SNMPv3 WG, concluded > -----Original Message----- > From: midcom-admin@ietf.org [mailto:midcom-admin@ietf.org] On > Behalf Of Christopher A. Martin > Sent: Wednesday, May 12, 2004 10:39 PM > To: 'Melinda Shore'; midcom@ietf.org > Subject: RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt > > Hi Melinda, everyone, > Its been awhile. You know I notice that we now have the mib draft and > was wondering, is it out of scope to look into a way to > manage via SNMP > via a middle-box using midcom to provide the mechanism for > nat traversal > for snmp? > > Just a thought...SNMP has always been the sore spot when it comes to > managing devices behind a nat. Before snmp v3 I would never have asked > rfor such functionality, but now... > > Any comments from anyone on this would be appreciated. > > _____ > > Christopher A. Martin > P.O. Box 1264 > Cedar Hill, Texas 75104 > _____ > > > DOMAINS.SIP1.COM > Select your option below by clicking on the icon. > RegisterForwardDomainAlert MonitoringWeb HostingSite > BuilderEmailTraffic > Blazer & Quick SizzleSSLInternet UtilitiesCopyright > > > > -----Original Message----- > From: midcom-admin@ietf.org [mailto:midcom-admin@ietf.org] On > Behalf Of > Melinda Shore > Sent: Wednesday, May 12, 2004 1:21 PM > To: midcom@ietf.org > Subject: Fwd: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt > > > This is our final deliverable - the end is in sight. Please give the > draft a careful read and post comments to the mailing list. > WG review > is, > perhaps, the most important stage in moving documents towards > publication, > and this is the time to catch and fix any problems that may > lurk in the > draft. > > Thanks, > > Melinda > > > Begin forwarded message: > > > From: Internet-Drafts@ietf.org > > Date: Wed May 12, 2004 9:41:12 AM US/Eastern > > To: i-d-announce@ietf.org > > Cc: midcom@ietf.org > > Subject: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt > > > > A New Internet-Draft is available from the on-line Internet-Drafts > > directories. > > This draft is a work item of the Middlebox Communication > Working Group > > > of the IETF. > > > > Title : Definitions of Managed Objects for Middlebox > > Communication > > Author(s) : J. Quittek, et al. > > Filename : draft-ietf-midcom-mib-01.txt > > Pages : 82 > > Date : 2004-5-11 > > > > This memo defines a portion of the Management Information Base (MIB) > > for use with network management protocols in the Internet > community. > > In particular, it describes a set of managed objects that allow > > configuring middleboxes, such as firewalls and network address > > translators, in order to enable communication across > these devices. > > The definitions of managed objects in this documents > follow closely > > the MIDCOM semantics defined in RFC XXXX. > > > > A URL for this Internet-Draft is: > > http://www.ietf.org/internet-drafts/draft-ietf-midcom-mib-01.txt > > > > To remove yourself from the I-D Announcement list, send a > message to > > i-d-announce-request@ietf.org with the word unsubscribe in > the body of > > > the message. You can also visit > > https://www1.ietf.org/mailman/listinfo/I-D-announce > > to change your subscription settings. > > > > > > Internet-Drafts are also available by anonymous FTP. Login with the > > username > > "anonymous" and a password of your e-mail address. After logging in, > > type "cd internet-drafts" and then > > "get draft-ietf-midcom-mib-01.txt". > > > > A list of Internet-Drafts directories can be found in > > http://www.ietf.org/shadow.html or > > ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > > > > Internet-Drafts can also be obtained by e-mail. > > > > Send a message to: > > mailserv@ietf.org. > > In the body type: > > "FILE /internet-drafts/draft-ietf-midcom-mib-01.txt". > > > > NOTE: The mail server at ietf.org can return the document in > > MIME-encoded form by using the "mpack" utility. To use this > > feature, insert the command "ENCODING mime" before the "FILE" > > command. To decode the response(s), you will need "munpack" or > > a MIME-compliant mail reader. Different MIME-compliant mail > readers > > exhibit different behavior, especially when dealing with > > "multipart" MIME messages (i.e. documents which have been split > > up into multiple messages), so check your local documentation on > > how to manipulate these messages. > > > > > > Below is the data which will enable a MIME compliant mail reader > > implementation to automatically retrieve the ASCII version of the > > Internet-Draft. > > Content-Type: text/plain > > Content-ID: <2004-5-12094156.I-D@ietf.org> > > > _______________________________________________ > midcom mailing list > midcom@ietf.org > https://www1.ietf.org/mailman/listinfo/midcom > > > _______________________________________________ > midcom mailing list > midcom@ietf.org > https://www1.ietf.org/mailman/listinfo/midcom > > _______________________________________________ midcom mailing list midcom@ietf.org https://www1.ietf.org/mailman/listinfo/midcom
- [midcom] I-D ACTION:draft-ietf-midcom-mib-01.txt Internet-Drafts
- Fwd: [midcom] I-D ACTION:draft-ietf-midcom-mib-01… Melinda Shore
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Medhavi Bhatia
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Christopher A. Martin
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Martin Stiemerling
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Harrington, David
- Re: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Juergen Schoenwaelder
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Christopher A. Martin
- RE: [midcom] I-D ACTION:draft-ietf-midcom-mib-01.… Christopher A. Martin