MIDCOM MIB design question



Dear all,

In the MIDCOM working group we are developing a protocol for dynamically
requesting pinholes in firewalls and bindings/sessions on NATs.

The working group decided to use SNMP as the basic protocol and now we are
defining a MIDCOM MIB module.  While doing this, we found that we are
defining two separate groups of objects:  Objects implementing the MIDCOM
protocol (for which we already have a protocol semantics document, see
draft-ietf-midcom-semantics-06.txt) and objects serving management purposes.
Management purposes include for example configurations, such as
 - the priority with which requested pinholes are configured in the firewall,
 - a table showing the mapping of MIDCOM pinholes to firewall resources
   or of MIDCOM NAT sessions/bindings to NAT resources
 - a protocol statistics table listing the set of active MIDCOM sessions,
   protocol errors, etc.

For these two groups of objects there are also two separate groups of users:
 - middlebox controllers sending requests for dynamic pinholes and NAT
   sessions/bindings
 - network managers configuring the middlebox (firewall or NAT) and
   monitoring its operation

The middlebox controllers only need access to the objects implementing
the MIDCOM protocol.

The network managers would rather use the objects serving management purposes
although in some cases they might need to access the other group also.

Now, we have a draft defining these objects and the following question:

Does someone have an opinion about whether these two groups of objects
should be contained in a single MIB module or in two separate ones?

Usually, this problem does not occur, because most control protocols,
say GSMP, are not defined on top of SNMP.  Therefore in GSMP there is
a clear separation between the protocol and the MIB with objects serving
network management purposes.  But in our case, SNMP is used for both
purposes.

Thanks,

  Juergen
--
Juergen Quittek        quittek@ccrle.nec.de        Tel: +49 6221 90511-15
NEC Europe Ltd.,       Network Laboratories        Fax: +49 6221 90511-55
Kurfuersten-Anlage 36, 69115 Heidelberg, Germany   http://www.ccrle.nec.de