This MIB Module models status, performance and failures
of a protocol with the generic characteristics of signalling 
protocols used with IPsec and FC-SP protocols. Examples
of such protocols include IKE, KINK, etc. This MIB views the
common attributes of such protocols. Signaling protocols are
also referred in this document as 'Control Protocols', since 
they perform session control.
        
This MIB is an attempt to capture the generic aspects 
of the signaling activity. The protocol-specific aspects
of a signaling protocol still need to be captured 
in a protocol-specific MIB (e.g., CISCO-IKE-FLOW-MIB, etc.).
        
Acronyms
The following acronyms are used in this document:
        
   IPsec:      Secure IP Protocol
        
   VPN:        Virtual Private Network
        
   ISAKMP:     Internet Security Association and Key Exchange
               Protocol
        
   IKE:        Internet Key Exchange Protocol
        
   SA:         Security Association 
           (ref: rfc2408).
        
   Phase 1 Tunnel:
               An ISAKMP SA can be regarded as representing
               a flow of ISAKMP/IKE traffic. Hence an ISAKMP
               is referred to as a 'Phase 1 Tunnel' in this
               document. 
        
   Control Tunnel:
               Another term for a Phase 1 Tunnel.
        
   Phase 2 Tunnel:
               An instance of a non-ISAKMP SA  bundle in which all
               the SA share the same proxy identifiers (IDii,IDir)
               protect the same stream of application traffic.
               Such an SA bundle is termed a 'Phase 2 Tunnel'.
               Note that a Phase 2 tunnel may comprise different
               SA bundles and different number of SA bundles at
               different times (due to key refresh).
        
        
History of the MIB
 A precursor to this MIB was the IPsec Flow Monitor MIB, which
 combined the objects pertaining to IKE and IPsec (Phase-2)
 into a single MIB module. Furthermore, the MIB supported only
 one signaling protocol, IKEv1, in addition to manual keying.
        
 The MIB was written by Tivoli and implemented in IBM Nways 
 routers in 1999. During late 1999, Cisco adopted the MIB and 
 together with Tivoli publised the IPsec Flow Monitor MIB in 
 IETF IPsec WG in draft-ietf-ipsec-flow-monitoring-mib-00.txt. 
 In 2000, the MIB was Cisco-ized and implemented as
 CISCO-IPSEC-FLOW-MONITOR-MIB in IOS and VPN3000 platforms.
        
 With the evolution of IKEv2, the MIB was modified and 
 presented to the IPsec WG again in May 2003 in
 draft-ietf-ipsec-flow-monitoring-mib-02.txt.
        
 With the emergence to multiple signaling protocols, it has
 further evolved to define separate set of MIB modules to 
 instrument IPsec signaling alone. Thus, this MIB module
 is now the generic IPsec signaling MIB.
          
Overview of MIB
 The MIB contains major groups of objects which are
 used to manage the generic aspects of IPsec signaling. 
 These groups include a global statistics, control tunnel table,
 Peer association group, control tunnel history group,
 signaling failure group and notification group.
        
 The global statistics, tunnel table and peer association
 groups aid in the real-time monitoring of IPsec signaling
 activity.
        
 The History group is to aid applications that do
 trending analysis.
        
 The Failure group is to enable an operator to
 do troubleshooting and debugging.
 Further, counters are supported to aid detection
 of potential security violations.
        
 The notifications are modeled as generic IPsec control 
 notifications and are parameterized by the identity of the
 specific signaling protocol which caused the notification
 to be issued.