-- Network Working Group D. Thaler
-- Request for Comments: 4087 Microsoft
-- Obsoletes: 2667 June 2005
-- Category: Standards Track-- IP Tunnel MIBTUNNEL-MIB DEFINITIONS::=BEGINIMPORTSMODULE-IDENTITY,OBJECT-TYPE, transmission,Integer32,IpAddressFROM SNMPv2-SMI -- [RFC2578]
RowStatus,StorageTypeFROM SNMPv2-TC -- [RFC2579]MODULE-COMPLIANCE,OBJECT-GROUPFROM SNMPv2-CONF -- [RFC2580]InetAddressType,InetAddressFROM INET-ADDRESS-MIB -- [RFC4001]IPv6FlowLabelOrAnyFROM IPV6-FLOW-LABEL-MIB -- [RFC3595]ifIndex,InterfaceIndexOrZeroFROM IF-MIB -- [RFC2863]IANAtunnelTypeFROM IANAifType-MIB;-- [IFTYPE]tunnelMIB MODULE-IDENTITYLAST-UPDATED"200505160000Z"-- May 16, 2005ORGANIZATION"IETF IP Version 6 (IPv6) Working Group"
CONTACT-INFO" Dave Thaler
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
EMail: dthaler@microsoft.com"DESCRIPTION"The MIB module for management of IP Tunnels,
independent of the specific encapsulation scheme in
use.
Copyright (C) The Internet Society (2005). This
version of this MIB module is part of RFC 4087; see
the RFC itself for full legal notices."REVISION"200505160000Z"-- May 16, 2005DESCRIPTION"IPv4-specific objects were deprecated, including
tunnelIfLocalAddress, tunnelIfRemoteAddress, the
tunnelConfigTable, and the tunnelMIBBasicGroup.
Added IP version-agnostic objects that should be used
instead, including tunnelIfAddressType,
tunnelIfLocalInetAddress, tunnelIfRemoteInetAddress,
the tunnelInetConfigTable, and the
tunnelIMIBInetGroup.
The new tunnelIfLocalInetAddress and
tunnelIfRemoteInetAddress objects are read-write,
rather than read-only.
Updated DESCRIPTION clauses of existing version-
agnostic objects (e.g., tunnelIfTOS) that contained
IPv4-specific text to cover IPv6 as well.
Added tunnelIfFlowLabel for tunnels over IPv6.
The encapsulation method was previously an INTEGER
type, and is now an IANA-maintained textual
convention.
Published as RFC 4087."REVISION"199908241200Z"-- August 24, 1999DESCRIPTION"Initial version, published as RFC 2667."::={ transmission 131}tunnelMIBObjects OBJECTIDENTIFIER::={ tunnelMIB 1}tunnel OBJECTIDENTIFIER::={ tunnelMIBObjects 1}
-- the IP Tunnel MIB-Group---- a collection of objects providing information about-- IP TunnelstunnelIfTable OBJECT-TYPESYNTAXSEQUENCEOF TunnelIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The (conceptual) table containing information on
configured tunnels."::={ tunnel 1}tunnelIfEntry OBJECT-TYPESYNTAX TunnelIfEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) containing the information
on a particular configured tunnel."INDEX{ ifIndex }
::={ tunnelIfTable 1}
TunnelIfEntry ::=SEQUENCE{
tunnelIfLocalAddress IpAddress,-- deprecated
tunnelIfRemoteAddress IpAddress,-- deprecated
tunnelIfEncapsMethod IANAtunnelType,
tunnelIfHopLimit Integer32,
tunnelIfSecurity INTEGER,
tunnelIfTOS Integer32,
tunnelIfFlowLabel IPv6FlowLabelOrAny,
tunnelIfAddressType InetAddressType,
tunnelIfLocalInetAddress InetAddress,
tunnelIfRemoteInetAddress InetAddress,
tunnelIfEncapsLimit Integer32
}tunnelIfLocalAddress OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The address of the local endpoint of the tunnel
(i.e., the source address used in the outer IP
header), or 0.0.0.0 if unknown or if the tunnel is
over IPv6.
Since this object does not support IPv6, it is
deprecated in favor of tunnelIfLocalInetAddress."::={ tunnelIfEntry 1}tunnelIfRemoteAddress OBJECT-TYPESYNTAXIpAddressMAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"The address of the remote endpoint of the tunnel
(i.e., the destination address used in the outer IP
header), or 0.0.0.0 if unknown, or an IPv6 address, or
the tunnel is not a point-to-point link (e.g., if it
is a 6to4 tunnel).
Since this object does not support IPv6, it is
deprecated in favor of tunnelIfRemoteInetAddress."::={ tunnelIfEntry 2}tunnelIfEncapsMethod OBJECT-TYPESYNTAXIANAtunnelTypeMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The encapsulation method used by the tunnel."::={ tunnelIfEntry 3}tunnelIfHopLimit OBJECT-TYPESYNTAXInteger32(0 | 1..255)MAX-ACCESSread-write
STATUScurrentDESCRIPTION"The IPv4 TTL or IPv6 Hop Limit to use in the outer IP
header. A value of 0 indicates that the value is
copied from the payload's header."::={ tunnelIfEntry 4}tunnelIfSecurity OBJECT-TYPESYNTAXINTEGER{none(1),-- no securityipsec(2),-- IPsec securityother(3)}MAX-ACCESSread-onlySTATUScurrentDESCRIPTION"The method used by the tunnel to secure the outer IP
header. The value ipsec indicates that IPsec is used
between the tunnel endpoints for authentication or
encryption or both. More specific security-related
information may be available in a MIB module for the
security protocol in use."::={ tunnelIfEntry 5}tunnelIfTOS OBJECT-TYPESYNTAXInteger32(-2..63)MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The method used to set the high 6 bits (the
differentiated services codepoint) of the IPv4 TOS or
IPv6 Traffic Class in the outer IP header. A value of
-1 indicates that the bits are copied from the
payload's header. A value of -2 indicates that a
traffic conditioner is invoked and more information
may be available in a traffic conditioner MIB module.
A value between 0 and 63 inclusive indicates that the
bit field is set to the indicated value.
Note: instead of the name tunnelIfTOS, a better name
would have been tunnelIfDSCPMethod, but the existing
name appeared in RFC 2667 and existing objects cannot
be renamed."::={ tunnelIfEntry 6}tunnelIfFlowLabel OBJECT-TYPESYNTAXIPv6FlowLabelOrAnyMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The method used to set the IPv6 Flow Label value.
This object need not be present in rows where
tunnelIfAddressType indicates the tunnel is not over
IPv6. A value of -1 indicates that a traffic
conditioner is invoked and more information may be
available in a traffic conditioner MIB. Any other
value indicates that the Flow Label field is set to
the indicated value."
::={ tunnelIfEntry 7}tunnelIfAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The type of address in the corresponding
tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress
objects."::={ tunnelIfEntry 8}tunnelIfLocalInetAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The address of the local endpoint of the tunnel
(i.e., the source address used in the outer IP
header). If the address is unknown, the value is
0.0.0.0 for IPv4 or :: for IPv6. The type of this
object is given by tunnelIfAddressType."::={ tunnelIfEntry 9}tunnelIfRemoteInetAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The address of the remote endpoint of the tunnel
(i.e., the destination address used in the outer IP
header). If the address is unknown or the tunnel is
not a point-to-point link (e.g., if it is a 6to4
tunnel), the value is 0.0.0.0 for tunnels over IPv4 or
:: for tunnels over IPv6. The type of this object is
given by tunnelIfAddressType."::={ tunnelIfEntry 10}tunnelIfEncapsLimit OBJECT-TYPESYNTAXInteger32(-1 | 0..255)
MAX-ACCESSread-writeSTATUScurrentDESCRIPTION"The maximum number of additional encapsulations
permitted for packets undergoing encapsulation at this
node. A value of -1 indicates that no limit is
present (except as a result of the packet size)."REFERENCE"RFC 2473, section 4.1.1"::={ tunnelIfEntry 11}tunnelConfigTable OBJECT-TYPESYNTAXSEQUENCEOF TunnelConfigEntry
MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"The (conceptual) table containing information on
configured tunnels. This table can be used to map a
set of tunnel endpoints to the associated ifIndex
value. It can also be used for row creation. Note
that every row in the tunnelIfTable with a fixed IPv4
destination address should have a corresponding row in
the tunnelConfigTable, regardless of whether it was
created via SNMP.
Since this table does not support IPv6, it is
deprecated in favor of tunnelInetConfigTable."::={ tunnel 2}tunnelConfigEntry OBJECT-TYPESYNTAX TunnelConfigEntry
MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"An entry (conceptual row) containing the information
on a particular configured tunnel.
Since this entry does not support IPv6, it is
deprecated in favor of tunnelInetConfigEntry."INDEX{ tunnelConfigLocalAddress,
tunnelConfigRemoteAddress,
tunnelConfigEncapsMethod,
tunnelConfigID }::={ tunnelConfigTable 1}
TunnelConfigEntry ::=SEQUENCE{
tunnelConfigLocalAddress IpAddress,
tunnelConfigRemoteAddress IpAddress,
tunnelConfigEncapsMethod IANAtunnelType,
tunnelConfigID Integer32,
tunnelConfigIfIndex InterfaceIndexOrZero,
tunnelConfigStatus RowStatus}tunnelConfigLocalAddress OBJECT-TYPESYNTAXIpAddressMAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"The address of the local endpoint of the tunnel, or
0.0.0.0 if the device is free to choose any of its
addresses at tunnel establishment time.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigLocalAddress."::={ tunnelConfigEntry 1}tunnelConfigRemoteAddress OBJECT-TYPESYNTAXIpAddressMAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"The address of the remote endpoint of the tunnel.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigRemoteAddress."::={ tunnelConfigEntry 2}tunnelConfigEncapsMethod OBJECT-TYPESYNTAXIANAtunnelTypeMAX-ACCESSnot-accessible
STATUSdeprecatedDESCRIPTION"The encapsulation method used by the tunnel.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigEncapsMethod."::={ tunnelConfigEntry 3}tunnelConfigID OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUSdeprecatedDESCRIPTION"An identifier used to distinguish between multiple
tunnels of the same encapsulation method, with the
same endpoints. If the encapsulation protocol only
allows one tunnel per set of endpoint addresses (such
as for GRE or IP-in-IP), the value of this object is
1. For encapsulation methods (such as L2F) which
allow multiple parallel tunnels, the manager is
responsible for choosing any ID which does not
conflict with an existing row, such as choosing a
random number.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigID."::={ tunnelConfigEntry 4}tunnelConfigIfIndex OBJECT-TYPESYNTAXInterfaceIndexOrZeroMAX-ACCESSread-onlySTATUSdeprecatedDESCRIPTION"If the value of tunnelConfigStatus for this row is
active, then this object contains the value of ifIndex
corresponding to the tunnel interface. A value of 0
is not legal in the active state, and means that the
interface index has not yet been assigned.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigIfIndex."::={ tunnelConfigEntry 5}
tunnelConfigStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUSdeprecatedDESCRIPTION"The status of this row, by which new entries may be
created, or old entries deleted from this table. The
agent need not support setting this object to
createAndWait or notInService since there are no other
writable objects in this table, and writable objects
in rows of corresponding tables such as the
tunnelIfTable may be modified while this row is
active.
To create a row in this table for an encapsulation
method which does not support multiple parallel
tunnels with the same endpoints, the management
station should simply use a tunnelConfigID of 1, and
set tunnelConfigStatus to createAndGo. For
encapsulation methods such as L2F which allow multiple
parallel tunnels, the management station may select a
pseudo-random number to use as the tunnelConfigID and
set tunnelConfigStatus to createAndGo. In the event
that this ID is already in use and an
inconsistentValue is returned in response to the set
operation, the management station should simply select
a new pseudo-random number and retry the operation.
Creating a row in this table will cause an interface
index to be assigned by the agent in an
implementation-dependent manner, and corresponding
rows will be instantiated in the ifTable and the
tunnelIfTable. The status of this row will become
active as soon as the agent assigns the interface
index, regardless of whether the interface is
operationally up.
Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the
tunnelIfTable.
Since this object does not support IPv6, it is
deprecated in favor of tunnelInetConfigStatus."::={ tunnelConfigEntry 6}tunnelInetConfigTable OBJECT-TYPE
SYNTAXSEQUENCEOF TunnelInetConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The (conceptual) table containing information on
configured tunnels. This table can be used to map a
set of tunnel endpoints to the associated ifIndex
value. It can also be used for row creation. Note
that every row in the tunnelIfTable with a fixed
destination address should have a corresponding row in
the tunnelInetConfigTable, regardless of whether it
was created via SNMP."::={ tunnel 3}tunnelInetConfigEntry OBJECT-TYPESYNTAX TunnelInetConfigEntry
MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An entry (conceptual row) containing the information
on a particular configured tunnel. Note that there is
a 128 subid maximum for object OIDs. Implementers
need to be aware that if the total number of octets in
tunnelInetConfigLocalAddress and
tunnelInetConfigRemoteAddress exceeds 110 then OIDs of
column instances in this table will have more than 128
sub-identifiers and cannot be accessed using SNMPv1,
SNMPv2c, or SNMPv3. In practice this is not expected
to be a problem since IPv4 and IPv6 addresses will not
cause the limit to be reached, but if other types are
supported by an agent, care must be taken to ensure
that the sum of the lengths do not cause the limit to
be exceeded."INDEX{ tunnelInetConfigAddressType,
tunnelInetConfigLocalAddress,
tunnelInetConfigRemoteAddress,
tunnelInetConfigEncapsMethod,
tunnelInetConfigID }::={ tunnelInetConfigTable 1}
TunnelInetConfigEntry ::=SEQUENCE{
tunnelInetConfigAddressType InetAddressType,
tunnelInetConfigLocalAddress InetAddress,
tunnelInetConfigRemoteAddress InetAddress,
tunnelInetConfigEncapsMethod IANAtunnelType,
tunnelInetConfigID Integer32,
tunnelInetConfigIfIndex InterfaceIndexOrZero,
tunnelInetConfigStatus RowStatus,
tunnelInetConfigStorageType StorageType}tunnelInetConfigAddressType OBJECT-TYPESYNTAXInetAddressTypeMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"The address type over which the tunnel encapsulates
packets."::={ tunnelInetConfigEntry 1}tunnelInetConfigLocalAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The address of the local endpoint of the tunnel, or
0.0.0.0 (for IPv4) or :: (for IPv6) if the device is
free to choose any of its addresses at tunnel
establishment time."::={ tunnelInetConfigEntry 2}tunnelInetConfigRemoteAddress OBJECT-TYPESYNTAXInetAddressMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION
"The address of the remote endpoint of the tunnel."::={ tunnelInetConfigEntry 3}tunnelInetConfigEncapsMethod OBJECT-TYPESYNTAXIANAtunnelTypeMAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"The encapsulation method used by the tunnel."::={ tunnelInetConfigEntry 4}tunnelInetConfigID OBJECT-TYPESYNTAXInteger32(1..2147483647)MAX-ACCESSnot-accessibleSTATUScurrentDESCRIPTION"An identifier used to distinguish between multiple
tunnels of the same encapsulation method, with the
same endpoints. If the encapsulation protocol only
allows one tunnel per set of endpoint addresses (such
as for GRE or IP-in-IP), the value of this object is
1. For encapsulation methods (such as L2F) which
allow multiple parallel tunnels, the manager is
responsible for choosing any ID which does not
conflict with an existing row, such as choosing a
random number."::={ tunnelInetConfigEntry 5}tunnelInetConfigIfIndex OBJECT-TYPESYNTAXInterfaceIndexOrZeroMAX-ACCESSread-onlySTATUScurrentDESCRIPTION"If the value of tunnelInetConfigStatus for this row
is active, then this object contains the value of
ifIndex corresponding to the tunnel interface. A
value of 0 is not legal in the active state, and means
that the interface index has not yet been assigned."
::={ tunnelInetConfigEntry 6}tunnelInetConfigStatus OBJECT-TYPESYNTAXRowStatusMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The status of this row, by which new entries may be
created, or old entries deleted from this table. The
agent need not support setting this object to
createAndWait or notInService since there are no other
writable objects in this table, and writable objects
in rows of corresponding tables such as the
tunnelIfTable may be modified while this row is
active.
To create a row in this table for an encapsulation
method which does not support multiple parallel
tunnels with the same endpoints, the management
station should simply use a tunnelInetConfigID of 1,
and set tunnelInetConfigStatus to createAndGo. For
encapsulation methods such as L2F which allow multiple
parallel tunnels, the management station may select a
pseudo-random number to use as the tunnelInetConfigID
and set tunnelInetConfigStatus to createAndGo. In the
event that this ID is already in use and an
inconsistentValue is returned in response to the set
operation, the management station should simply select
a new pseudo-random number and retry the operation.
Creating a row in this table will cause an interface
index to be assigned by the agent in an
implementation-dependent manner, and corresponding
rows will be instantiated in the ifTable and the
tunnelIfTable. The status of this row will become
active as soon as the agent assigns the interface
index, regardless of whether the interface is
operationally up.
Deleting a row in this table will likewise delete the
corresponding row in the ifTable and in the
tunnelIfTable."::={ tunnelInetConfigEntry 7}tunnelInetConfigStorageType OBJECT-TYPE
SYNTAXStorageTypeMAX-ACCESSread-createSTATUScurrentDESCRIPTION"The storage type of this row. If the row is
permanent(4), no objects in the row need be writable."::={ tunnelInetConfigEntry 8}-- conformance informationtunnelMIBConformance
OBJECTIDENTIFIER::={ tunnelMIB 2}tunnelMIBCompliances
OBJECTIDENTIFIER::={ tunnelMIBConformance 1}tunnelMIBGroups OBJECTIDENTIFIER::={ tunnelMIBConformance 2}
-- compliance statementstunnelMIBCompliance MODULE-COMPLIANCESTATUSdeprecatedDESCRIPTION"The (deprecated) IPv4-only compliance statement for
the IP Tunnel MIB.
This is deprecated in favor of
tunnelMIBInetFullCompliance and
tunnelMIBInetReadOnlyCompliance."MODULE-- this moduleMANDATORY-GROUPS{ tunnelMIBBasicGroup }OBJECT tunnelIfHopLimit
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelIfTOS
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelConfigStatus
MIN-ACCESSread-only
DESCRIPTION"Write access is not required."::={ tunnelMIBCompliances 1}tunnelMIBInetFullCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The full compliance statement for the IP Tunnel MIB."MODULE-- this moduleMANDATORY-GROUPS{ tunnelMIBInetGroup }OBJECT tunnelIfAddressType
SYNTAXInetAddressType{ ipv4(1), ipv6(2),
ipv4z(3), ipv6z(4)}DESCRIPTION
"An implementation is only required to support IPv4
and/or IPv6 addresses. An implementation only needs to
support the addresses it actually supports on the
device."::={ tunnelMIBCompliances 2}tunnelMIBInetReadOnlyCompliance MODULE-COMPLIANCESTATUScurrentDESCRIPTION"The read-only compliance statement for the IP Tunnel
MIB."MODULE-- this moduleMANDATORY-GROUPS{ tunnelMIBInetGroup }OBJECT tunnelIfHopLimit
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelIfTOS
MIN-ACCESSread-onlyDESCRIPTION
"Write access is not required."OBJECT tunnelIfFlowLabel
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelIfAddressType
SYNTAXInetAddressType{ ipv4(1), ipv6(2),
ipv4z(3), ipv6z(4)}MIN-ACCESSread-onlyDESCRIPTION"Write access is not required.
An implementation is only required to support IPv4
and/or IPv6 addresses. An implementation only needs to
support the addresses it actually supports on the
device."OBJECT tunnelIfLocalInetAddress
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelIfRemoteInetAddress
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelIfEncapsLimit
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."OBJECT tunnelInetConfigStatus
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required, and active is the only
status that needs to be supported."OBJECT tunnelInetConfigStorageType
MIN-ACCESSread-onlyDESCRIPTION"Write access is not required."
::={ tunnelMIBCompliances 3}-- units of conformancetunnelMIBBasicGroup OBJECT-GROUPOBJECTS{ tunnelIfLocalAddress, tunnelIfRemoteAddress,
tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS,
tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus }STATUSdeprecatedDESCRIPTION"A collection of objects to support basic management
of IPv4 Tunnels. Since this group cannot support
IPv6, it is deprecated in favor of
tunnelMIBInetGroup."::={ tunnelMIBGroups 1}tunnelMIBInetGroup OBJECT-GROUPOBJECTS{ tunnelIfAddressType, tunnelIfLocalInetAddress,
tunnelIfRemoteInetAddress, tunnelIfEncapsMethod,
tunnelIfEncapsLimit,
tunnelIfHopLimit, tunnelIfTOS, tunnelIfFlowLabel,
tunnelIfSecurity, tunnelInetConfigIfIndex,
tunnelInetConfigStatus, tunnelInetConfigStorageType }STATUScurrentDESCRIPTION"A collection of objects to support basic management
of IPv4 and IPv6 Tunnels."::={ tunnelMIBGroups 2}END