[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSEC-IPSEC-ACTION-MIB
[pls forward to ipsp WG
I happened to be looking at (since I was checking IPsec PIB)
IPSEC-IPSECACTION-MIB.
(IPSEC-IKEACTION-MIB may have similar concerns, did not check so much,
but pls do check yourself).
And I see:
ipsaPeerIdAddress OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The property PeerAddress specifies the IP address of the
peer. The format is specified by the
ipsaPeerIdAddressType.
Values of unknown, ipv4z, ipv6z and dns are not legal
values for this object."
Such "not legal" things MUST be specified in the MODULE-COMPLIANCE with
OBJECT ipsaPeerIdAddressType
SYNTAX InetAddressType { ipv4(x), ipv6(y) }
DESCRIPTION "No need to support values unknown, ipv4z, ipv6z and
dns because they are legal values for this object."
Pls fill out the x and y
At the same time you can then restrict the SIZE for the InetAddress
(if you want to (also in the MODULE-COMPLIANCE)
For StorageType objects (like ipsaSaPreActStorageType), you MUST specify
which of the columns MUST be writable for permanent rows.
See the STorageType TC in RFC2579 that explains/prescribes this
MODULE assignments like ::= { spdActions 1 }
are not good. (see MIB review guidelines about that.
It will be difficult to keep track as to which ones have been
assigned and which ones have not. We have been burnt in the past.
Why not just allocate under mib-2 ?
Tool smilint tells me:
C:\smi\pibs\ietf>smilint -l 6 -m -s -inamelength-32 ./IPSEC-IPSECACTION-MIB
./IPSEC-IPSECACTION-MIB:97: [5] {type-without-format} warning: type `IpsecDoiEnc
apsulationMode' has no format specification
./IPSEC-IPSECACTION-MIB:117: [5] {type-without-format} warning: type `IpsecDoiIp
compTransform' has no format specification
./IPSEC-IPSECACTION-MIB:147: [5] {type-without-format} warning: type `IpsecDoiAu
thAlgorithm' has no format specification
./IPSEC-IPSECACTION-MIB:185: [5] {type-without-format} warning: type `IpsecDoiEs
pTransform' has no format specification
./IPSEC-IPSECACTION-MIB:228: [5] {type-without-format} warning: type `IpsecDoiId
entType' has no format specification
These are only warnings, but you may want to check it anyway,.
I believe it is caused by a missing DISPLAY-HINT
Various of your objects would be improved if you added a UNITS clause.
This sentence (on page 39) seems copied from another MIB document
Therefore, when configuring data in the IPSEC-SPD-MIB, you SHOULD use
SNMP version 3. The rest of this discussion assumes the use of
SNMPv3. This is a real strength, because it allows administrators
That is OK, but I guess you want to at least use the name of your
MIB module, no?
I see no IANA COnsiderations section. This is mandatory these days (quite
a while already).
I think that the prose to explain this MIB module (i.e. sect 3 and 4 is
pretty meager. You may want to expand somewhat on that,
This is not a final review by a long shot. Just some quick remarks
after a very quick and cursory browse.
You may also want to check
*** matchref -- match citations and references.
Input file: draft-ietf-ipsp-ipsecaction-mib-01.txt
!! Missing citation for Normative reference:
P041 L043: [RFC3411] Harrington, D., Presuhn, R. and B. Wijnen, "An
!! Missing citation for Normative reference:
P041 L049: [RFC3412] Case, J., Harrington, D., Presuhn, R. and B. Wijnen,
!! Missing citation for Normative reference:
P041 L055: [RFC3413] Levi, D., Meyer, P. and B. Stewart, "Simple Network
!! Missing citation for Normative reference:
P041 L060: [RFC3414] Blumenthal, U. and B. Wijnen, "User-based Security Model
!! Missing citation for Normative reference:
P042 L006: [RFC3415] Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based
~
Bert