[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Status of ID: IPsec Flow Monitoring MIB

To: Tim Jenkins <TJenkins@Catena.com>
Subject: Re: Status of ID: IPsec Flow Monitoring MIB
From: Leo Temoshenko <leot@cisco.com>
Date: Mon, 29 Oct 2001 20:32:53 -0500
CC: "'rks@cisco.com'" <rks@cisco.com>, Casey Carr <kcarr@nc.rr.com>, Theodore Tso <tytso@mit.edu>, Barbara Fraser <byfraser@cisco.com>, Barry Bruins <bbruins@cisco.com>, ipsec@lists.tislabs.com, Cheryl Madson <cmadson@cisco.com>, Narasimha <pcn@cisco.com>, leot@cisco.com
References: <522FDAAFD532D511A0AB0002A51390EB2F7084@cat01s2.catena.com>
Sender: owner-ipsec@lists.tislabs.com



Tim Jenkins wrote:
> 
> > Casey -
> >
> >    On Fri, 26 Oct 2001, Casey Carr wrote:
> >
> >    > Are there IETF alternative specifications for monitoring
> >    > IPSec via SNMP?  If not, what would the working group recommend
> >    > for monitoring IPSec performance?
> >
> > There are indeed two competing drafts for IKE and IPsec
> > monitoring and there is an unfortunate similarity in
> > their names. The one submitted by  Cisco and Tivoli Inc.
> > is...
> 
> I beg to differ. The series submitted by John Shriver and me
> does not 'compete' with the flow monitoring MIB.

It sure appears to.  Or why your comments to the Flow Monitoring
MIB bring in these drafts?  If they don't complete, then why
the comment. 

> 
> The series John and I submitted defines the components of IPsec
> as developed by the working group and are application independent.
> 
> If you use only some components of the work done in the IPsec WG,
> you only some of the MIBs.

This is really not possible.  All the pieces are needed to
make a whole.

> 
> The flow monitoring MIB is an application specific MIB which
> redefines the presentation of the components of IPsec in that
> single application specific MIB.

Application specific to most/all IPsec implementations.

> 
> I think the working group really needs to ask:
> 
> 1) Do the MIBs submitted by John and I represent the work developed
>    by the working group?

Perhaps, but...  From implementation experience, the Flow Monitoring
MIB has been found to be useful and implemented.  The "other"
drafts are questionable at best.

> 
> 2) Should the working group develop an application specific MIB for
>    IPsec?

Absolutely.  I would suggest abandoning the "low level" MIBs which 
no one other than an IPsec implementor could understand.  A dump of 
memory may be as useful.

> 
> If the answer to 2) is yes, then the obvious next question is:
> 
> 3) Should any application specific MIB re-use the MIBs that represent
>    the work done by the working group, or should it be a stand-alone
>    MIB?

No.  The MIBs should be stand-alone.  Thus letting implementors
to pick and choose.  

> 
> Tim
> 
> > -----Original Message-----
> > From: rks@cisco.com [mailto:rks@cisco.com]
> > Sent: Sunday, October 28, 2001 6:28 PM
> > To: Casey Carr
> > Cc: Theodore Tso; Barbara Fraser; Barry Bruins;
> > ipsec@lists.tislabs.com;
> > Cheryl Madson; Narasimha; leot@cisco.com
> > Subject: RE: Status of ID: IPsec Flow Monitoring MIB
> >
> >

References:

RE: Status of ID: IPsec Flow Monitoring MIB

From: Tim Jenkins <TJenkins@Catena.com>

Prev by Date: Re: Status of ID: IPsec Flow Monitoring MIB
Next by Date: Re: Status of ID: IPsec Flow Monitoring MIB
Prev by thread: RE: Status of ID: IPsec Flow Monitoring MIB
Next by thread: RE: Status of ID: IPsec Flow Monitoring MIB
Index(es):
- Main
- Thread