[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: mib

To: "'kris FALKOWSKI'" <kfalkowski@yahoo.com>
Subject: RE: mib
From: Tim Jenkins <TJenkins@Catena.com>
Date: Thu, 19 Apr 2001 16:39:53 -0400
Cc: ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com



> -----Original Message-----
> From: kris FALKOWSKI [mailto:kfalkowski@yahoo.com]
> Sent: Thursday, April 19, 2001 1:54 PM
> To: TJenkins@Catena.com
> Cc: ipsec@lists.tislabs.com
> Subject: mib
> 
> 
> Tim;
> I don't have many experiences with IPSEC MIB so let me
> ask a few questions.
> First: In IPSEC monitoring MIB there are many times
> reference  like this: ""The value is taken directly
> from the optional ID payloads that are exchanged
> during phase 2 negotiations"". In any references like
> RFC and Doraswamy/Harkins book - ID payloads are not
> optional. Could you comment?

RFC 2409 states that the IDs used in quick mode are optional. That is the
basis for those statements. (Look on page 18 near the middle of the page.)

> Second.
> The tables for IKE monitoring MIB drafts are very
> entangled and complicated. Could you offer me some
> guidance why there are so many methods and options to
> search for SA and how practically I can understand all
> this.

The reason why there are so many ways to look up SAs is that there are many
ways that people might be interested in seeing how SAs are being created or
used. That's why so many helper tables were included. Since the RFCs on
which the MIBs are based is application independent, the MIBs are also
application independent, but at the same time make an attempt to assist
application specific uses of IPsec.

The text to explain the inter-relationships between the MIB tables has
undergone numerous changes since the initial version. At this point, unless
there's something specific which isn't clear, I don't how I can help clarify
those relationships. Note that part of the reason for the relationships is
due to the relationships of IKE to ISAKMP to IPsec SAs.

Perhaps if for each of the helper tables you try think of a use for them, it
might help you to understand why they are there. For example, selectorTable
lets you sort the SAs based on selectors. This would be useful to see what
SAs a particular type of traffic would put be put through or is being put
through. The use for this is in a VPN application or for remote access, for
example.

> Thank You,
> Sincerely 
> Kris Falkowski
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Auctions - buy the things you want at great prices
> http://auctions.yahoo.com/
>

Follow-Ups:

Re: mib

From: Emmanuel Hislen <hislen@lucent.com>

Prev by Date: Re: two questions.
Next by Date: Re: mib
Prev by thread: mib
Next by thread: Re: mib
Index(es):
- Main
- Thread