IKEv2 Protocol Operations
The SNMP MIB is formed by appending the value in the SNMP
MIB Ending column to 1.3.6.1.4.1.9148.3.9.1.9.X
(apSecurityIkeInterfaceInfoTable), where X specifies the interface index. For
example, the SNMP MIB for the Current Child SA Pairs is
1.3.6.1.4.1.9148.3.9.1.9.X.33, where X specifies the interface index.
Note:
The range for all 32-bit counters is 0 to 4294967295.| Name | Description | Type | SNMP MIB Ending |
|---|---|---|---|
| Current Child SA Pairs | The number of current child IPsec SA pairs on the interface. As each IPsec tunnel requires two unidirectional SAs, this number equals the current number of tunnels on the interface. Note that this count is available through both an ACLI show command and an SNMP GET operation. | gauge | .33 |
| Maximum Child SA Pairs | The largest number of child IPsec SA pairs on the interface since this counter was last reset. As each IPsec tunnel requires a single SA pair, this value equates to the largest number of tunnels on the interface. | gauge | |
| Last Reset Timestamp | The time that this interface was last reset -- expressed as a UNIX timestamp containing the number of seconds since January 1, 1970. | UNIX timestamp | |
| Child SA Request | The number of requests to add a child SA pair that were received on the interface. These requests include IPsec SA rekey requests. | counter | .1 |
| Child SA Success | The number of requests to add a child SA pair that were successfully completed on the interface. These successes include new children created by IPsec SA rekeys. | counter | .2 |
| Child SA Failure | The number of requests to add a child SA pair that were not successfully completed on the interface. These failures include unsuccessful IPsec SA rekeys. | counter | .3 |
| Child SA Delete Requests | The number of requests to delete a child SA pair that were received on the interface. These requests include deletion requests associated with IPsec SA rekeys. | counter | .4 |
| Child SA Delete Success | The number of requests to delete a child SA pair that were successfully completed on the interface. These successes include children deleted by IPsec SA rekeys. | counter | .5 |
| Child SA Delete Failure | The number of requests to delete a child SA pair that were not successfully completed on the interface. These failures include unsuccessful deletions associated IPsec SA rekeys. | counter | .6 |
| Child SA Rekey | The number of child IPsec rekey exchanges transacted on the interface. | counter | .7 |
| Initial Child SA Establishment | The number of initial child SA pair establishments, in other words, the number of successful IKE_AUTH exchanges transacted on the interface. | counter | .8 |
| DPD Received Port Change | The number of DPD messages received on the interface that contained a port change from the previously received message. The port change indicates that the IKEv2 has moved to another port, or that an intervening NAT device has changed port mapping. These actions do not impact SA functions. | counter | .9 |
| DPD Received IP Change | The number of DPD messages received on the interface that contained an IP address change from the previously received message. | counter | .10 |
| DPD Response Received | The number of DPD ACK responses received on the interface. An ACK is sent by an IKEv2 peer in response to an R-U-THERE issued by the Oracle Communications Session Border Controller. A successful R-U-THERE/ACK exchange establishes availability on the remote IKEv2 peer. | counter | .11 |
| DPD Response Not Received | The number of R-U-THERE messages transmitted on the interface that were not acknowledged within the DPD allowed interval. | counter | .12 |
| DPD Received | The number of all DPD protocol messages received on the interface. | counter | .13 |
| DPD Retransmitted | The number of R-U-THERE messages that were re-transmitted because the original R-U-THERE message was not acknowledged. | counter | .14 |
| DPD Sent | The number of R-U-THERE messages that were sent across the interface, to include retransmitals. | counter | .15 |
| IKE SA Packets Sent | The number of IKEv2 SA packets sent across the interface. | counter | .16 |
| IKE SA Packets Received | The number of IKEv2 SA packets received across the interface. | counter | .17 |
| IKE SA Packets Dropped | The number of IKEv2 SA packets dropped by the interface. | counter | .18 |
| Authentication Failures | The number of authentication failures that occurred after the purported identity of the remote IKEv2 peer was ascertained. | counter | .19 |
| IKE Message Errors | The number of otherwise uncharacterized IKEv2 message errors. | counter | .20 |
| Authentication ID Errors | The number of errors that occurred during the identification stage of the authentication process. | counter | .21 |
| Certificate Status Requests | The number of certificate status requests sent across the interface to an OCSP responder. | counter | .22 |
| Certificate Status Success | The total number of OCSP successes, that is the number of OCSP requests that generated a good status from an OCSP responder. | counter | .23 |
| Certificate Status Fail | The total number of OCSP failures, to include unacknowledged OCSP requests and those requests that generated a revoked or unknown response from an OCSP responder. | counter | .24 |
| DDoS Sent | The number of suspicious, and possibly malicious, endpoints reported by the interface-specific DDoS process (if configured as described in the IKEv2 DDoS Protection section of the Oracle Communications Session Border Controller Essentials guide). | counter | .25 |
| DDoS Received | The number of suspicious, and possibly malicious, endpoints reported by statically provisioned deny lists (as described in SIP Signaling Services and Security chapters of the ACLI Configuration Guide). | counter | .26 |
| IKE Message Retransmissions | The total number of IKEv2 message re-transmissions. | counter | .27 |
| SA Init Messages Received | The total number of IKEv2 message re-transmissions. | counter | .28 |
| SA Init Message Sent | The total number of IKEv2 message re-transmissions. | counter | .29 |
| SA Establishment Attempts | The total number of IKEv2 message re-transmissions. | counter | .30 |
| SA Establishment Success | The total number of IKEv2 SA successfully established on the IKEv2 interface. | counter | .31 |
| Tunnel Rate | Specifies the tunnel establishment rate, in terms of tunnels created per second. Note that this count is available through both an ACLI show command and an SNMP GET operation. | gauge | .32 |