1
TUNNEL-MIB DEFINITIONS ::= BEGIN
4
MODULE-IDENTITY, OBJECT-TYPE, transmission,
5
Integer32, IpAddress FROM SNMPv2-SMI -- [RFC2578]
7
RowStatus, StorageType FROM SNMPv2-TC -- [RFC2579]
10
OBJECT-GROUP FROM SNMPv2-CONF -- [RFC2580]
13
InetAddress FROM INET-ADDRESS-MIB -- [RFC4001]
15
IPv6FlowLabelOrAny FROM IPV6-FLOW-LABEL-MIB -- [RFC3595]
18
InterfaceIndexOrZero FROM IF-MIB -- [RFC2863]
20
IANAtunnelType FROM IANAifType-MIB; -- [IFTYPE]
22
tunnelMIB MODULE-IDENTITY
23
LAST-UPDATED "200505160000Z" -- May 16, 2005
24
ORGANIZATION "IETF IP Version 6 (IPv6) Working Group"
29
Redmond, WA 98052-6399
30
EMail: dthaler@microsoft.com"
32
"The MIB module for management of IP Tunnels,
33
independent of the specific encapsulation scheme in
36
Copyright (C) The Internet Society (2005). This
37
version of this MIB module is part of RFC 4087; see
38
the RFC itself for full legal notices."
42
REVISION "200505160000Z" -- May 16, 2005
44
"IPv4-specific objects were deprecated, including
45
tunnelIfLocalAddress, tunnelIfRemoteAddress, the
46
tunnelConfigTable, and the tunnelMIBBasicGroup.
48
Added IP version-agnostic objects that should be used
49
instead, including tunnelIfAddressType,
50
tunnelIfLocalInetAddress, tunnelIfRemoteInetAddress,
51
the tunnelInetConfigTable, and the
54
The new tunnelIfLocalInetAddress and
55
tunnelIfRemoteInetAddress objects are read-write,
56
rather than read-only.
58
Updated DESCRIPTION clauses of existing version-
59
agnostic objects (e.g., tunnelIfTOS) that contained
60
IPv4-specific text to cover IPv6 as well.
62
Added tunnelIfFlowLabel for tunnels over IPv6.
64
The encapsulation method was previously an INTEGER
65
type, and is now an IANA-maintained textual
68
Published as RFC 4087."
69
REVISION "199908241200Z" -- August 24, 1999
71
"Initial version, published as RFC 2667."
72
::= { transmission 131 }
74
tunnelMIBObjects OBJECT IDENTIFIER ::= { tunnelMIB 1 }
76
tunnel OBJECT IDENTIFIER ::= { tunnelMIBObjects 1 }
80
tunnelIfTable OBJECT-TYPE
81
SYNTAX SEQUENCE OF TunnelIfEntry
82
MAX-ACCESS not-accessible
85
"The (conceptual) table containing information on
92
tunnelIfEntry OBJECT-TYPE
94
MAX-ACCESS not-accessible
97
"An entry (conceptual row) containing the information
98
on a particular configured tunnel."
100
::= { tunnelIfTable 1 }
102
TunnelIfEntry ::= SEQUENCE {
103
tunnelIfLocalAddress IpAddress, -- deprecated
104
tunnelIfRemoteAddress IpAddress, -- deprecated
105
tunnelIfEncapsMethod IANAtunnelType,
106
tunnelIfHopLimit Integer32,
107
tunnelIfSecurity INTEGER,
108
tunnelIfTOS Integer32,
109
tunnelIfFlowLabel IPv6FlowLabelOrAny,
110
tunnelIfAddressType InetAddressType,
111
tunnelIfLocalInetAddress InetAddress,
112
tunnelIfRemoteInetAddress InetAddress,
113
tunnelIfEncapsLimit Integer32
116
tunnelIfLocalAddress OBJECT-TYPE
121
"The address of the local endpoint of the tunnel
122
(i.e., the source address used in the outer IP
123
header), or 0.0.0.0 if unknown or if the tunnel is
126
Since this object does not support IPv6, it is
127
deprecated in favor of tunnelIfLocalInetAddress."
128
::= { tunnelIfEntry 1 }
130
tunnelIfRemoteAddress OBJECT-TYPE
135
"The address of the remote endpoint of the tunnel
136
(i.e., the destination address used in the outer IP
137
header), or 0.0.0.0 if unknown, or an IPv6 address, or
141
the tunnel is not a point-to-point link (e.g., if it
144
Since this object does not support IPv6, it is
145
deprecated in favor of tunnelIfRemoteInetAddress."
146
::= { tunnelIfEntry 2 }
148
tunnelIfEncapsMethod OBJECT-TYPE
149
SYNTAX IANAtunnelType
153
"The encapsulation method used by the tunnel."
154
::= { tunnelIfEntry 3 }
156
tunnelIfHopLimit OBJECT-TYPE
157
SYNTAX Integer32 (0 | 1..255)
158
MAX-ACCESS read-write
161
"The IPv4 TTL or IPv6 Hop Limit to use in the outer IP
162
header. A value of 0 indicates that the value is
163
copied from the payload's header."
164
::= { tunnelIfEntry 4 }
166
tunnelIfSecurity OBJECT-TYPE
168
none(1), -- no security
169
ipsec(2), -- IPsec security
175
"The method used by the tunnel to secure the outer IP
176
header. The value ipsec indicates that IPsec is used
177
between the tunnel endpoints for authentication or
178
encryption or both. More specific security-related
179
information may be available in a MIB module for the
180
security protocol in use."
181
::= { tunnelIfEntry 5 }
183
tunnelIfTOS OBJECT-TYPE
184
SYNTAX Integer32 (-2..63)
185
MAX-ACCESS read-write
188
"The method used to set the high 6 bits (the
192
differentiated services codepoint) of the IPv4 TOS or
193
IPv6 Traffic Class in the outer IP header. A value of
194
-1 indicates that the bits are copied from the
195
payload's header. A value of -2 indicates that a
196
traffic conditioner is invoked and more information
197
may be available in a traffic conditioner MIB module.
198
A value between 0 and 63 inclusive indicates that the
199
bit field is set to the indicated value.
201
Note: instead of the name tunnelIfTOS, a better name
202
would have been tunnelIfDSCPMethod, but the existing
203
name appeared in RFC 2667 and existing objects cannot
205
::= { tunnelIfEntry 6 }
207
tunnelIfFlowLabel OBJECT-TYPE
208
SYNTAX IPv6FlowLabelOrAny
209
MAX-ACCESS read-write
212
"The method used to set the IPv6 Flow Label value.
213
This object need not be present in rows where
214
tunnelIfAddressType indicates the tunnel is not over
215
IPv6. A value of -1 indicates that a traffic
216
conditioner is invoked and more information may be
217
available in a traffic conditioner MIB. Any other
218
value indicates that the Flow Label field is set to
219
the indicated value."
220
::= { tunnelIfEntry 7 }
222
tunnelIfAddressType OBJECT-TYPE
223
SYNTAX InetAddressType
224
MAX-ACCESS read-write
227
"The type of address in the corresponding
228
tunnelIfLocalInetAddress and tunnelIfRemoteInetAddress
230
::= { tunnelIfEntry 8 }
232
tunnelIfLocalInetAddress OBJECT-TYPE
234
MAX-ACCESS read-write
237
"The address of the local endpoint of the tunnel
238
(i.e., the source address used in the outer IP
239
header). If the address is unknown, the value is
243
0.0.0.0 for IPv4 or :: for IPv6. The type of this
244
object is given by tunnelIfAddressType."
245
::= { tunnelIfEntry 9 }
247
tunnelIfRemoteInetAddress OBJECT-TYPE
249
MAX-ACCESS read-write
252
"The address of the remote endpoint of the tunnel
253
(i.e., the destination address used in the outer IP
254
header). If the address is unknown or the tunnel is
255
not a point-to-point link (e.g., if it is a 6to4
256
tunnel), the value is 0.0.0.0 for tunnels over IPv4 or
257
:: for tunnels over IPv6. The type of this object is
258
given by tunnelIfAddressType."
259
::= { tunnelIfEntry 10 }
261
tunnelIfEncapsLimit OBJECT-TYPE
262
SYNTAX Integer32 (-1 | 0..255)
263
MAX-ACCESS read-write
266
"The maximum number of additional encapsulations
267
permitted for packets undergoing encapsulation at this
268
node. A value of -1 indicates that no limit is
269
present (except as a result of the packet size)."
270
REFERENCE "RFC 2473, section 4.1.1"
271
::= { tunnelIfEntry 11 }
273
tunnelConfigTable OBJECT-TYPE
274
SYNTAX SEQUENCE OF TunnelConfigEntry
275
MAX-ACCESS not-accessible
278
"The (conceptual) table containing information on
279
configured tunnels. This table can be used to map a
280
set of tunnel endpoints to the associated ifIndex
281
value. It can also be used for row creation. Note
282
that every row in the tunnelIfTable with a fixed IPv4
283
destination address should have a corresponding row in
284
the tunnelConfigTable, regardless of whether it was
287
Since this table does not support IPv6, it is
288
deprecated in favor of tunnelInetConfigTable."
294
tunnelConfigEntry OBJECT-TYPE
295
SYNTAX TunnelConfigEntry
296
MAX-ACCESS not-accessible
299
"An entry (conceptual row) containing the information
300
on a particular configured tunnel.
302
Since this entry does not support IPv6, it is
303
deprecated in favor of tunnelInetConfigEntry."
304
INDEX { tunnelConfigLocalAddress,
305
tunnelConfigRemoteAddress,
306
tunnelConfigEncapsMethod,
308
::= { tunnelConfigTable 1 }
310
TunnelConfigEntry ::= SEQUENCE {
311
tunnelConfigLocalAddress IpAddress,
312
tunnelConfigRemoteAddress IpAddress,
313
tunnelConfigEncapsMethod IANAtunnelType,
314
tunnelConfigID Integer32,
315
tunnelConfigIfIndex InterfaceIndexOrZero,
316
tunnelConfigStatus RowStatus
319
tunnelConfigLocalAddress OBJECT-TYPE
321
MAX-ACCESS not-accessible
324
"The address of the local endpoint of the tunnel, or
325
0.0.0.0 if the device is free to choose any of its
326
addresses at tunnel establishment time.
328
Since this object does not support IPv6, it is
329
deprecated in favor of tunnelInetConfigLocalAddress."
330
::= { tunnelConfigEntry 1 }
332
tunnelConfigRemoteAddress OBJECT-TYPE
334
MAX-ACCESS not-accessible
337
"The address of the remote endpoint of the tunnel.
339
Since this object does not support IPv6, it is
340
deprecated in favor of tunnelInetConfigRemoteAddress."
341
::= { tunnelConfigEntry 2 }
345
tunnelConfigEncapsMethod OBJECT-TYPE
346
SYNTAX IANAtunnelType
347
MAX-ACCESS not-accessible
350
"The encapsulation method used by the tunnel.
352
Since this object does not support IPv6, it is
353
deprecated in favor of tunnelInetConfigEncapsMethod."
354
::= { tunnelConfigEntry 3 }
356
tunnelConfigID OBJECT-TYPE
357
SYNTAX Integer32 (1..2147483647)
358
MAX-ACCESS not-accessible
361
"An identifier used to distinguish between multiple
362
tunnels of the same encapsulation method, with the
363
same endpoints. If the encapsulation protocol only
364
allows one tunnel per set of endpoint addresses (such
365
as for GRE or IP-in-IP), the value of this object is
366
1. For encapsulation methods (such as L2F) which
367
allow multiple parallel tunnels, the manager is
368
responsible for choosing any ID which does not
369
conflict with an existing row, such as choosing a
372
Since this object does not support IPv6, it is
373
deprecated in favor of tunnelInetConfigID."
374
::= { tunnelConfigEntry 4 }
376
tunnelConfigIfIndex OBJECT-TYPE
377
SYNTAX InterfaceIndexOrZero
381
"If the value of tunnelConfigStatus for this row is
382
active, then this object contains the value of ifIndex
383
corresponding to the tunnel interface. A value of 0
384
is not legal in the active state, and means that the
385
interface index has not yet been assigned.
387
Since this object does not support IPv6, it is
388
deprecated in favor of tunnelInetConfigIfIndex."
389
::= { tunnelConfigEntry 5 }
391
tunnelConfigStatus OBJECT-TYPE
396
MAX-ACCESS read-create
399
"The status of this row, by which new entries may be
400
created, or old entries deleted from this table. The
401
agent need not support setting this object to
402
createAndWait or notInService since there are no other
403
writable objects in this table, and writable objects
404
in rows of corresponding tables such as the
405
tunnelIfTable may be modified while this row is
408
To create a row in this table for an encapsulation
409
method which does not support multiple parallel
410
tunnels with the same endpoints, the management
411
station should simply use a tunnelConfigID of 1, and
412
set tunnelConfigStatus to createAndGo. For
413
encapsulation methods such as L2F which allow multiple
414
parallel tunnels, the management station may select a
415
pseudo-random number to use as the tunnelConfigID and
416
set tunnelConfigStatus to createAndGo. In the event
417
that this ID is already in use and an
418
inconsistentValue is returned in response to the set
419
operation, the management station should simply select
420
a new pseudo-random number and retry the operation.
422
Creating a row in this table will cause an interface
423
index to be assigned by the agent in an
424
implementation-dependent manner, and corresponding
425
rows will be instantiated in the ifTable and the
426
tunnelIfTable. The status of this row will become
427
active as soon as the agent assigns the interface
428
index, regardless of whether the interface is
431
Deleting a row in this table will likewise delete the
432
corresponding row in the ifTable and in the
435
Since this object does not support IPv6, it is
436
deprecated in favor of tunnelInetConfigStatus."
437
::= { tunnelConfigEntry 6 }
439
tunnelInetConfigTable OBJECT-TYPE
440
SYNTAX SEQUENCE OF TunnelInetConfigEntry
441
MAX-ACCESS not-accessible
447
"The (conceptual) table containing information on
448
configured tunnels. This table can be used to map a
449
set of tunnel endpoints to the associated ifIndex
450
value. It can also be used for row creation. Note
451
that every row in the tunnelIfTable with a fixed
452
destination address should have a corresponding row in
453
the tunnelInetConfigTable, regardless of whether it
454
was created via SNMP."
457
tunnelInetConfigEntry OBJECT-TYPE
458
SYNTAX TunnelInetConfigEntry
459
MAX-ACCESS not-accessible
462
"An entry (conceptual row) containing the information
463
on a particular configured tunnel. Note that there is
464
a 128 subid maximum for object OIDs. Implementers
465
need to be aware that if the total number of octets in
466
tunnelInetConfigLocalAddress and
467
tunnelInetConfigRemoteAddress exceeds 110 then OIDs of
468
column instances in this table will have more than 128
469
sub-identifiers and cannot be accessed using SNMPv1,
470
SNMPv2c, or SNMPv3. In practice this is not expected
471
to be a problem since IPv4 and IPv6 addresses will not
472
cause the limit to be reached, but if other types are
473
supported by an agent, care must be taken to ensure
474
that the sum of the lengths do not cause the limit to
476
INDEX { tunnelInetConfigAddressType,
477
tunnelInetConfigLocalAddress,
478
tunnelInetConfigRemoteAddress,
479
tunnelInetConfigEncapsMethod,
481
::= { tunnelInetConfigTable 1 }
483
TunnelInetConfigEntry ::= SEQUENCE {
484
tunnelInetConfigAddressType InetAddressType,
485
tunnelInetConfigLocalAddress InetAddress,
486
tunnelInetConfigRemoteAddress InetAddress,
487
tunnelInetConfigEncapsMethod IANAtunnelType,
488
tunnelInetConfigID Integer32,
489
tunnelInetConfigIfIndex InterfaceIndexOrZero,
490
tunnelInetConfigStatus RowStatus,
491
tunnelInetConfigStorageType StorageType
494
tunnelInetConfigAddressType OBJECT-TYPE
498
SYNTAX InetAddressType
499
MAX-ACCESS not-accessible
502
"The address type over which the tunnel encapsulates
504
::= { tunnelInetConfigEntry 1 }
506
tunnelInetConfigLocalAddress OBJECT-TYPE
508
MAX-ACCESS not-accessible
511
"The address of the local endpoint of the tunnel, or
512
0.0.0.0 (for IPv4) or :: (for IPv6) if the device is
513
free to choose any of its addresses at tunnel
515
::= { tunnelInetConfigEntry 2 }
517
tunnelInetConfigRemoteAddress OBJECT-TYPE
519
MAX-ACCESS not-accessible
522
"The address of the remote endpoint of the tunnel."
523
::= { tunnelInetConfigEntry 3 }
525
tunnelInetConfigEncapsMethod OBJECT-TYPE
526
SYNTAX IANAtunnelType
527
MAX-ACCESS not-accessible
530
"The encapsulation method used by the tunnel."
531
::= { tunnelInetConfigEntry 4 }
533
tunnelInetConfigID OBJECT-TYPE
534
SYNTAX Integer32 (1..2147483647)
535
MAX-ACCESS not-accessible
538
"An identifier used to distinguish between multiple
539
tunnels of the same encapsulation method, with the
540
same endpoints. If the encapsulation protocol only
541
allows one tunnel per set of endpoint addresses (such
542
as for GRE or IP-in-IP), the value of this object is
543
1. For encapsulation methods (such as L2F) which
544
allow multiple parallel tunnels, the manager is
545
responsible for choosing any ID which does not
549
conflict with an existing row, such as choosing a
551
::= { tunnelInetConfigEntry 5 }
553
tunnelInetConfigIfIndex OBJECT-TYPE
554
SYNTAX InterfaceIndexOrZero
558
"If the value of tunnelInetConfigStatus for this row
559
is active, then this object contains the value of
560
ifIndex corresponding to the tunnel interface. A
561
value of 0 is not legal in the active state, and means
562
that the interface index has not yet been assigned."
563
::= { tunnelInetConfigEntry 6 }
565
tunnelInetConfigStatus OBJECT-TYPE
567
MAX-ACCESS read-create
570
"The status of this row, by which new entries may be
571
created, or old entries deleted from this table. The
572
agent need not support setting this object to
573
createAndWait or notInService since there are no other
574
writable objects in this table, and writable objects
575
in rows of corresponding tables such as the
576
tunnelIfTable may be modified while this row is
579
To create a row in this table for an encapsulation
580
method which does not support multiple parallel
581
tunnels with the same endpoints, the management
582
station should simply use a tunnelInetConfigID of 1,
583
and set tunnelInetConfigStatus to createAndGo. For
584
encapsulation methods such as L2F which allow multiple
585
parallel tunnels, the management station may select a
586
pseudo-random number to use as the tunnelInetConfigID
587
and set tunnelInetConfigStatus to createAndGo. In the
588
event that this ID is already in use and an
589
inconsistentValue is returned in response to the set
590
operation, the management station should simply select
591
a new pseudo-random number and retry the operation.
593
Creating a row in this table will cause an interface
594
index to be assigned by the agent in an
595
implementation-dependent manner, and corresponding
596
rows will be instantiated in the ifTable and the
600
tunnelIfTable. The status of this row will become
601
active as soon as the agent assigns the interface
602
index, regardless of whether the interface is
605
Deleting a row in this table will likewise delete the
606
corresponding row in the ifTable and in the
608
::= { tunnelInetConfigEntry 7 }
610
tunnelInetConfigStorageType OBJECT-TYPE
612
MAX-ACCESS read-create
615
"The storage type of this row. If the row is
616
permanent(4), no objects in the row need be writable."
617
::= { tunnelInetConfigEntry 8 }
621
OBJECT IDENTIFIER ::= { tunnelMIB 2 }
623
OBJECT IDENTIFIER ::= { tunnelMIBConformance 1 }
624
tunnelMIBGroups OBJECT IDENTIFIER ::= { tunnelMIBConformance 2 }
627
tunnelMIBCompliance MODULE-COMPLIANCE
630
"The (deprecated) IPv4-only compliance statement for
633
This is deprecated in favor of
634
tunnelMIBInetFullCompliance and
635
tunnelMIBInetReadOnlyCompliance."
636
MODULE -- this module
637
MANDATORY-GROUPS { tunnelMIBBasicGroup }
639
OBJECT tunnelIfHopLimit
642
"Write access is not required."
650
"Write access is not required."
652
OBJECT tunnelConfigStatus
655
"Write access is not required."
656
::= { tunnelMIBCompliances 1 }
658
tunnelMIBInetFullCompliance MODULE-COMPLIANCE
661
"The full compliance statement for the IP Tunnel MIB."
662
MODULE -- this module
663
MANDATORY-GROUPS { tunnelMIBInetGroup }
665
OBJECT tunnelIfAddressType
666
SYNTAX InetAddressType { ipv4(1), ipv6(2),
669
"An implementation is only required to support IPv4
670
and/or IPv6 addresses. An implementation only needs to
671
support the addresses it actually supports on the
673
::= { tunnelMIBCompliances 2 }
675
tunnelMIBInetReadOnlyCompliance MODULE-COMPLIANCE
678
"The read-only compliance statement for the IP Tunnel
680
MODULE -- this module
681
MANDATORY-GROUPS { tunnelMIBInetGroup }
683
OBJECT tunnelIfHopLimit
686
"Write access is not required."
691
"Write access is not required."
693
OBJECT tunnelIfFlowLabel
696
"Write access is not required."
700
OBJECT tunnelIfAddressType
701
SYNTAX InetAddressType { ipv4(1), ipv6(2),
705
"Write access is not required.
707
An implementation is only required to support IPv4
708
and/or IPv6 addresses. An implementation only needs to
709
support the addresses it actually supports on the
712
OBJECT tunnelIfLocalInetAddress
715
"Write access is not required."
717
OBJECT tunnelIfRemoteInetAddress
720
"Write access is not required."
722
OBJECT tunnelIfEncapsLimit
725
"Write access is not required."
727
OBJECT tunnelInetConfigStatus
730
"Write access is not required, and active is the only
731
status that needs to be supported."
733
OBJECT tunnelInetConfigStorageType
736
"Write access is not required."
737
::= { tunnelMIBCompliances 3 }
740
tunnelMIBBasicGroup OBJECT-GROUP
741
OBJECTS { tunnelIfLocalAddress, tunnelIfRemoteAddress,
742
tunnelIfEncapsMethod, tunnelIfHopLimit, tunnelIfTOS,
743
tunnelIfSecurity, tunnelConfigIfIndex, tunnelConfigStatus }
746
"A collection of objects to support basic management
750
of IPv4 Tunnels. Since this group cannot support
751
IPv6, it is deprecated in favor of
753
::= { tunnelMIBGroups 1 }
755
tunnelMIBInetGroup OBJECT-GROUP
756
OBJECTS { tunnelIfAddressType, tunnelIfLocalInetAddress,
757
tunnelIfRemoteInetAddress, tunnelIfEncapsMethod,
759
tunnelIfHopLimit, tunnelIfTOS, tunnelIfFlowLabel,
760
tunnelIfSecurity, tunnelInetConfigIfIndex,
761
tunnelInetConfigStatus, tunnelInetConfigStorageType }
764
"A collection of objects to support basic management
765
of IPv4 and IPv6 Tunnels."
766
::= { tunnelMIBGroups 2 }