Re: [midcom] RE: Last Call: 'Definitions of Managed Objects for Middlebox Communication' to Proposed Standard (draft-ietf-midcom-mib)

Pyda Srisuresh <> Mon, 28 August 2006 06:16 UTC

Received: from [] ( by with esmtp (Exim 4.43) id 1GHaQG-0005xB-7I; Mon, 28 Aug 2006 02:16:36 -0400
Received: from [] ( by with esmtp (Exim 4.43) id 1GHaPl-0005JL-D2 for; Mon, 28 Aug 2006 02:16:05 -0400
Received: from ([]) by with smtp (Exim 4.43) id 1GHaAZ-0007PU-BA for; Mon, 28 Aug 2006 02:00:26 -0400
Received: (qmail 4181 invoked by uid 60001); 28 Aug 2006 06:00:20 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=bEGI9qbfc9loFCvxaT4C7erE4UVwTSdDuD/pw0Ik5gt5ut+eASO7QOON8AsU49MPkflk6y7IaogAEoxnJKlm0jaW4Et6qc5/1tT3NCjzZMn8P5isCYjElA8a8K9YYTYiGtO7bx2u76XU8BKrUP4nNaJ85m+p9FoBu1pbK+HN57w= ;
Message-ID: <>
Received: from [] by via HTTP; Sun, 27 Aug 2006 23:00:20 PDT
Date: Sun, 27 Aug 2006 23:00:20 -0700 (PDT)
From: Pyda Srisuresh <>
Subject: Re: [midcom] RE: Last Call: 'Definitions of Managed Objects for Middlebox Communication' to Proposed Standard (draft-ietf-midcom-mib)
To: "Romascanu, Dan \(Dan\)" <>,,
In-Reply-To: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 20f22c03b5c66958bff5ef54fcda6e48
X-Mailman-Version: 2.1.5
Precedence: list
List-Unsubscribe: <>, <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>


Thank you for your detailed comments. Sorry for the delayed response. I was
away on vacation and just got back. Please see my responses below inline.


--- "Romascanu, Dan (Dan)" <> wrote:

> 1. Is the 'strict' SNMP terminology intentionally avoided in Section 4.2
> and associated diagrams, and why? Meaning why do we say 'SNMP get
> message' instead of 'SNMP GetRequest PDU', etc. ?

[suresh] The objective of section 4.2 was essentially to indicate how the
MIDCOM transactions can be mapped to SNMP. I.e., make the description of 
MIDCOM transactions to SNMP mapping easy to underdtand. Terms like "SNMP get
message" and "SNMP put message" are simply easier for the reader to relate
while talking about transactions.

> 2. Section 5.3.1
> > The MIDCOM MIB module does not require a middlebox to implement
>    further specific MIB modules for supported middlebox functions, such
>    as, for example, the NAT MIB module [RFC4008].
> This should probably be 'further specific middlebox (NAT devices,
> firewall) MIB modules'
>    as, for example, the NAT MIB module [RFC4008].
[suresh] OK; with a minor tweak to your suggested text as follows.
s/"(NAT devices, firewall)"/"(NAT, Firewll)/

> 3. Object midcomRuleAdminStatus
> >     midcomRuleAdminStatus OBJECT-TYPE
>        SYNTAX      INTEGER {
>                        reserve(1),
>                        enable(2),
>                        notSet(3)
>                    }
> ...
>  When retrieved, the object returns the last set value. If
>             no value has been set, it returns one of the two possible
>             values."
>        DEFVAL { notSet }
> I do not understand what are the 'two possible values'. What happens of
> a retrieval happens before the object is set for the first time? 
[suresh] Oops... Will change the text to read as follows.

When retrieved, the object returns the last set value. If
no value has been set, it returns the default value of notset(3).

> 4. Several DESCRIPTION clauses (e.g. midcomRuleAdminStatus,
> midcomRuleStorageType) include SNMP-specific error messages when
> describing the behavior of the object. This is OK, as the MIDCOM-MIB is
> designed to be used with SNMP as MIDCOM protocol, yet I would include a
> note on this subject because this is not customary within other MIB
> documents which are written with a protocol-independent orientation. 
[suresh] I will leave to Juergen or Martin to comment on this.

> 5. What happens with the object midcomRuleObjectTime when
> midcomRuleObjectType is permanent(4)? The DESCRIPTION clause of the type
> object suggests that time is read-only. With DEFVAL 0 this means
> automatic destruction of the row at the end of the transaction. Is this
> the desired behavior, or did I mis-understand something? 

[suresh] Yes, I believe, that is the desired behaviour. 

Note, however, the DESCRIPTION for midcomRuleStorageType says that attempts to
set this object to permanent will always fail with an inconsistentValue error.
And, the default value for this object is volatile(2).

> 6. I do not feel comfortable with the DESCRIPTION clause of
> midcomRuleError RECOMMENDing values for this object without defining
> what behavior each message is supposed to cover. This type of object is
> not interoperable, and this would be made clear if it was said that
> these are examples rather than RECOMMENDations. 
[suresh] I am OK with listing the error strings as examples, rather than as
recommendations. I will leave to Juergen or Martin to further comment on this.

> 7. Another side-effect of the midcomRuleObjectType being permanent(4) is
> that the permanent rules cannot be applied to interfaces, so they can be
> only global. Same about transport protocol and other read-write objects.
[suresh] As I said earlier, attempts to set midcomRuleStorageType to permanent
will always fail with an inconsistentValue error.

> 8 . There is no DEFVAL for midcomRuleFlowDirection 
[suresh] Right, that was intentional.

> 9. 
> >          Valid values for midcomRuleTransportProtocol
>             other than zero are defined at:
> Does this need a new type of registry from IANA? There is nothing in the
> IANA considerations about this. 

[suresh] Well, nothing specific to MIDCOM MIB per se. IANA assigns IP protocol
numbers independently, right.
> 10. What notification needs to be sent when midcomConfigIfEnabled is set
> to false? Neither the DESCRIPTION of the object nor the one of the
> notifications do provide any clue. 
[suresh] The DESCRIPTION for midcomConfigIfEnabled does say the following.

   this object to false(2) immediately stops middlebox
   support at the indexed IP interface.  This implies that
   all policy rules that use NAT or firewall resources at
   the indexed IP interface are terminated immediately.
   In this case, The MIDCOM agent MUST send notifications
   to all MIDCOM clients that have access to one of the
   terminated rules.

As for the rule termination event, please refer section 7.9.


> > -----Original Message-----
> > From: The IESG [] 
> > Sent: Thursday, August 03, 2006 8:09 PM
> > To: IETF-Announce
> > Cc:
> > Subject: Last Call: 'Definitions of Managed Objects for 
> > Middlebox Communication' to Proposed Standard (draft-ietf-midcom-mib) 
> > 
> > The IESG has received a request from the Middlebox 
> > Communication WG to consider  the following document:
> > 
> > - 'Definitions of Managed Objects for Middlebox Communication '
> >    <draft-ietf-midcom-mib-08.txt> as a Proposed Standard
> > 
> > The IESG plans to make a decision in the next few weeks, and 
> > solicits final comments on this action.  Please send any 
> > comments to the or mailing lists 
> > by 2006-08-17.
> > 
> > The file can be obtained via
> >
> > 
> > 
> > _______________________________________________
> > IETF-Announce mailing list
> >
> >
> > 
> _______________________________________________
> midcom mailing list

midcom mailing list