[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSec MIB

To: ipsec@tis.com
Subject: IPSec MIB
From: Uri Blumenthal <NOSPAM!uri@ibm.net>
Date: Wed, 9 Apr 1997 17:48:09 -0400
Reply-to: uri@watson.ibm.com
Sender: owner-ipsec@ex.tis.com

Howdy!

A good news is, as you should have already heard - IPSec 
MIB work has begun.  Rodney Thayer and myself kindly
undertook the mission. (:-)

It is possible that we create an ipsec-mib mailing list
for information exchange that isn't of interest to
"generic" IPSEC crowd. If so, the announcement
will come out her shortly. Otherwise we'll 
stay here, for your benefit and our amusement.

In the meanwhile, please inhale, exhale and contemplate
the following: what information that one could retrieve
would help you monitor, control and DEBUG an IPSEC code?
As has been already said, we can give you plenty of
counters - but do you care to have 'em? If you
are an implementor who has the pleasure of
debugging the code, or a NetAdmin who's going
to have the sorry job of configuring the installations 
and figuring out why the hell the dozen of seemingly healthy
computers absolutely refuse to talk to each other - please read 
on and be ready to give us peace of your mind wrt. what we
can do to make your life easier.

IPSEC MIB can offer you knowb and dials to monitor what the
protocol is doing and to affect (control) its operations.
Probably IPSEC MIB will be used in conjunction with the
other MIBs your box is likely to have ("interfaces"
group, for example, that gives you some info on
what's going on with the interface cards - how
much traffic went through, error rate etc).


A first shot.

Dials:
	- a list of SPIs with the parameter values
	  might be helpful;
	- a list of the hashes of the keys in use
	  might assist in debugging;
	- some counters (number of rekeys, number of
	  bad auth, garbled crypto, etc.) could be
	  of some use;
	- do you care to have anything else? Precisely 
	  what? What for (i.e. how would you use it)?

Knobs/buttons:
	- enforce rekey now;
	- control of various windows and timeouts (make
	  'em narrower or wider);
	- enabling/disabling certain algorithms (that
	  could be then used in the negotiations);
	- enabling/disabling certain modes (i.e. from now
	  on only encrypting SA can be negotiated);
	- set certain parameters (length of something...?);
	- again, anything else?

If this MIB is to be useful and not just a placeholder
(like too many of the existing MIBs) - please give us
your input.

If you have anything [constructive] to say, please either
post it here, or e-mail to BOTH of us:

	uri@watson.ibm.com
	rodney@sabletech.com

Thanks for your attention, you may get back to work now (:-).

Regards,
Uri
-=-=-==-=-=-		uri@watson.ibm.com
<Disclaimer>

Follow-Ups:

Re: IPSec MIB

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: Re: Effective policy enforcement
Next by Date: Re: IPSec MIB
Prev by thread: Re: Effective policy enforcement
Next by thread: Re: IPSec MIB
Index(es):
- Main
- Thread