RE: [midcom] MIDCOM MIB design question



Hi Tom,

I didn't understand this comment. Can you explain further what boxes you
are referring to, and which functionality would be implemented on each?

Thanks,
dbh

> -----Original Message-----
> From: Tom Taylor [mailto:taylor@nortelnetworks.com] 
> Sent: Wednesday, December 10, 2003 1:13 PM
> To: Juergen Quittek
> Cc: mibs@ops.ietf.org; midcom@ietf.org
> Subject: Re: [midcom] MIDCOM MIB design question
> 
> 
> I'd say they should be in separate modules because they are likely to be
> implemented on separate boxes on the SNMP client side.
> 
> Juergen Quittek wrote:
> 
> > Dear all,
> > 
> > In the MIDCOM working group we are developing a protocol for dynamically
> > requesting pinholes in firewalls and bindings/sessions on NATs.
> > 
> > The working group decided to use SNMP as the basic protocol and now we are
> > defining a MIDCOM MIB module.  While doing this, we found that we are
> > defining two separate groups of objects:  Objects implementing the MIDCOM
> > protocol (for which we already have a protocol semantics document, see
> > draft-ietf-midcom-semantics-06.txt) and objects serving management
> > purposes.
> > Management purposes include, for example, configurations, such as
> >  - the priority with which requested pinholes are configured in the
> >    firewall,
> >  - a table showing the mapping of MIDCOM pinholes to firewall resources
> >    or of MIDCOM NAT sessions/bindings to NAT resources
> >  - a protocol statistics table listing the set of active MIDCOM sessions,
> >    protocol errors, etc.
> > 
> > For these two groups of objects there are also two separate groups of
> > users:
> >  - middlebox controllers sending requests for dynamic pinholes and NAT
> >    sessions/bindings
> >  - network managers configuring the middlebox (firewall or NAT) and
> >    monitoring its operation
> > 
> > The middlebox controllers only need access to the objects implementing
> > the MIDCOM protocol.
> > 
> > The network managers would rather use the objects serving management
> > purposes
> > although in some cases they might need to access the other group also.
> > 
> > Now, we have a draft defining these objects and the following question:
> > 
> > Does someone have an opinion about whether these two groups of objects
> > should be contained in a single MIB module or in two separate ones?
> > 
> > Usually, this problem does not occur, because most control protocols,
> > say GSMP, are not defined on top of SNMP.  Therefore in GSMP there is
> > a clear separation between the protocol and the MIB with objects serving
> > network management purposes.  But in our case, SNMP is used for both
> > purposes.
> > 
> > Thanks,
> > 
> >   Juergen
> 
> 
>