RFC2271 - An Architecture for Describing SNMP Management Frameworks
时间:2024-11-18 07:37:04
来源:网络
浏览:11次
Network Working Group D. Harrington
Request for Comments: 2271 Cabletron Systems, Inc.
Obsoletes: 2261 R. Presuhn
Category: Standards Track BMC Software, Inc.
B. Wijnen
IBM T. J. Watson Research
January 1998
An Architecture for Describing
SNMP Management Frameworks
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
IANA Note
Due to a clerical error in the assignment of the snmpModules in this
memo, this RFCprovides the corrected number assignment for this
protocol. This memo obsoletes RFC2261.
Abstract
This document describes an architecture for describing SNMP
Management Frameworks. The architecture is designed to be modular to
allow the evolution of the SNMP protocol standards over time. The
major portions of the architecture are an SNMP engine containing a
Message Processing Subsystem, a Security Subsystem and an Access
Control Subsystem, and possibly multiple SNMP applications which
provide specific functional processing of management data.
Table of Contents
1. IntrodUCtion ................................................ 3
1.1. Overview .................................................. 3
1.2. SNMP ...................................................... 4
1.3. Goals of this Architecture ................................ 5
1.4. Security Requirements of this Architecture ................ 6
1.5. Design Decisions .......................................... 7
2. Documentation Overview ...................................... 8
2.1. Document Roadmap .......................................... 10
2.2. Applicability Statement ................................... 10
2.3. Coexistence and Transition ................................ 10
2.4. Transport Mappings ........................................ 11
2.5. Message Processing ........................................ 11
2.6. Security .................................................. 11
2.7. Access Control ............................................ 11
2.8. Protocol Operations ....................................... 12
2.9. Applications .............................................. 12
2.10. Structure of Management Information ...................... 12
2.11. Textual Conventions ...................................... 13
2.12. Conformance Statements ................................... 13
2.13. Management Information Base Modules ...................... 13
2.13.1. SNMP Instrumentation MIBs .............................. 13
2.14. SNMP Framework Documents ................................. 13
3. Elements of the Architecture ................................ 14
3.1. The Naming of Entities .................................... 14
3.1.1. SNMP engine ............................................. 15
3.1.1.1. snmpEngineID .......................................... 16
3.1.1.2. Dispatcher ............................................ 16
3.1.1.3. Message Processing Subsystem .......................... 16
3.1.1.3.1. Message Processing Model ............................ 17
3.1.1.4. Security Subsystem .................................... 17
3.1.1.4.1. Security Model ...................................... 17
3.1.1.4.2. Security Protocol ................................... 18
3.1.2. Access Control Subsystem ................................ 18
3.1.2.1. Access Control Model .................................. 18
3.1.3. Applications ............................................ 18
3.1.3.1. SNMP Manager .......................................... 19
3.1.3.2. SNMP Agent ............................................ 20
3.2. The Naming of Identities .................................. 21
3.2.1. Principal ............................................... 21
3.2.2. securityName ............................................ 21
3.2.3. Model-dependent security ID ............................. 22
3.3. The Naming of Management Information ...................... 22
3.3.1. An SNMP Context ......................................... 23
3.3.2. contextEngineID ......................................... 24
3.3.3. contextName ............................................. 24
3.3.4. scopedPDU ............................................... 25
3.4. Other Constructs .......................................... 25
3.4.1. maxSizeResponseScopedPDU ................................ 25
3.4.2. Local Configuration Datastore ........................... 25
3.4.3. securityLevel ........................................... 25
4. Abstract Service Interfaces ................................. 26
4.1. Dispatcher Primitives ..................................... 26
4.1.1. Generate Outgoing Request or Notification ............... 26
4.1.2. Process Incoming Request or Notification PDU ............ 26
4.1.3. Generate Outgoing Response .............................. 27
4.1.4. Process Incoming Response PDU ........................... 27
4.1.5. Registering Responsibility for Handling SNMP PDUs ....... 28
4.2. Message Processing Subsystem Primitives ................... 28
4.2.1. Prepare Outgoing SNMP Request or Notification Message ... 28
4.2.2. Prepare an Outgoing SNMP Response Message ............... 29
4.2.3. Prepare Data Elements from an Incoming SNMP Message ..... 29
4.3. Access Control Subsystem Primitives ....................... 30
4.4. Security Subsystem Primitives ............................. 30
4.4.1. Generate a Request or Notification Message .............. 30
4.4.2. Process Incoming Message ................................ 31
4.4.3. Generate a Response Message ............................. 31
4.5. Common Primitives ......................................... 32
4.5.1. Release State Reference Information ..................... 32
4.6. Scenario Diagrams ......................................... 32
4.6.1. Command Generator or Notification Originator ............ 32
4.6.2. Scenario Diagram for a Command Responder Application .... 33
5. Managed Object Definitions for SNMP Management Frameworks ... 35
6. Intellectual Property ....................................... 44
7. Acknowledgements ............................................ 45
8. Security Considerations ..................................... 46
9. References .................................................. 46
10. Editors" Addresses ......................................... 48
A. Guidelines for Model Designers .............................. 49
A.1. Security Model Design Requirements ........................ 49
A.1.1. Threats ................................................. 49
A.1.2. Security Processing ..................................... 50
A.1.3. Validate the security-stamp in a received message ....... 51
A.1.4. Security MIBs ........................................... 51
A.1.5. Cached Security Data .................................... 51
A.2. Message Processing Model Design Requirements .............. 52
A.2.1. Receiving an SNMP Message from the Network .............. 52
A.2.2. Sending an SNMP Message to the Network .................. 52
A.3. Application Design Requirements ........................... 53
A.3.1. Applications that Initiate Messages ..................... 53
A.3.2. Applications that Receive Responses ..................... 54
A.3.3. Applications that Receive Asynchronous Messages ......... 54
A.3.4. Applications that Send Responses ........................ 54
A.4. Access Control Model Design Requirements .................. 55
B. Full Copyright Statement .................................... 56
1. Introduction
1.1. Overview
This document defines a vocabulary for describing SNMP Management
Frameworks, and an architecture for describing the major portions of
SNMP Management Frameworks.
This document does not provide a general introduction to SNMP. Other
documents and books can provide a much better introduction to SNMP.
Nor does this document provide a history of SNMP. That also can be
found in books and other documents.
Section 1 describes the purpose, goals, and design decisions of this
architecture.
Section 2 describes various types of documents which define SNMP
Frameworks, and how they fit into this architecture. It also provides
a minimal road map to the documents which have previously defined
SNMP frameworks.
Section 3 details the vocabulary of this architecture and its pieces.
This section is important for understanding the remaining sections,
and for understanding documents which are written to fit within this
architecture.
Section 4 describes the primitives used for the abstract service
interfaces between the various subsystems, models and applications
within this architecture.
Section 5 defines a collection of managed objects used to instrument
SNMP entities within this architecture.
Sections 6, 7, 8, and 9 are administrative in nature.
Appendix A contains guidelines for designers of Models which are
eXPected to fit within this architecture.
The key Words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
1.2. SNMP
An SNMP management system contains:
- several (potentially many) nodes, each with an SNMP entity
containing command responder and notification originator
applications, which have access to management instrumentation
(traditionally called agents);
- at least one SNMP entity containing command generator and/or
notification receiver applications (traditionally called a
manager) and,
- a management protocol, used to convey management information
between the SNMP entities.
SNMP entities executing command generator and notification receiver
applications monitor and control managed elements. Managed elements
are devices such as hosts, routers, terminal servers, etc., which are
monitored and controlled via access to their management information.
It is the purpose of this document to define an architecture which
can evolve to realize effective management in a variety of
configurations and environments. The architecture has been designed
to meet the needs of implementations of:
- minimal SNMP entities with command responder and/or
notification originator applications (traditionally called SNMP
agents),
- SNMP entities with proxy forwarder applications (traditionally
called SNMP proxy agents),
- command line driven SNMP entities with command generator and/or
notification receiver applications (traditionally called SNMP
command line managers),
- SNMP entities with command generator and/or notification
receiver, plus command responder and/or notification originator
applications (traditionally called SNMP mid-level managers or
dual-role entities),
- SNMP entities with command generator and/or notification
receiver and possibly other types of applications for managing
a potentially very large number of managed nodes (traditionally
called (network) management stations).
1.3. Goals of this Architecture
This architecture was driven by the following goals:
- Use existing materials as much as possible. It is heavily based
on previous work, informally known as SNMPv2u and SNMPv2*.
- Address the need for secure SET support, which is considered
the most important deficiency in SNMPv1 and SNMPv2c.
- Make it possible to move portions of the architecture forward
in the standards track, even if consensus has not been reached
on all pieces.
- Define an architecture that allows for longevity of the SNMP
Frameworks that have been and will be defined.
- Keep SNMP as simple as possible.
- Make it relatively inexpensive to deploy a minimal conforming
implementation.
- Make it possible to upgrade portions of SNMP as new approaches
become available, without disrupting an entire SNMP framework.
- Make it possible to support features required in large
networks, but make the expense of supporting a feature directly
related to the support of the feature.
1.4. Security Requirements of this Architecture
Several of the classical threats to network protocols are applicable
to the management problem and therefore would be applicable to any
Security Model used in an SNMP Management Framework. Other threats
are not applicable to the management problem. This section discusses
principal threats, secondary threats, and threats which are of lesser
importance.
The principal threats against which any Security Model used within
this architecture SHOULD provide protection are:
Modification of Information
The modification threat is the danger that some unauthorized SNMP
entity may alter in-transit SNMP messages generated on behalf of
an authorized principal in such a way as to effect unauthorized
management operations, including falsifying the value of an
object.
Masquerade
The masquerade threat is the danger that management operations not
authorized for some principal may be attempted by assuming the
identity of another principal that has the appropriate
authorizations.
Message Stream Modification
The SNMP protocol is typically based upon a connectionless
transport service which may operate over any subnetwork service.
The re-ordering, delay or replay of messages can and does occur
through the natural operation of many such subnetwork services.
The message stream modification threat is the danger that messages
may be maliciously re-ordered, delayed or replayed to an extent
which is greater than can occur through the natural operation of a
subnetwork service, in order to effect unauthorized management
operations.
Disclosure
The disclosure threat is the danger of eavesdropping on the
exchanges between SNMP engines. Protecting against this threat
may be required as a matter of local policy.
There are at least two threats against which a Security Model within
this architecture need not protect.
Denial of Service
A Security Model need not attempt to address the broad range of
attacks by which service on behalf of authorized users is denied.
Indeed, such denial-of-service attacks are in many cases
indistinguishable from the type of network failures with which any
viable management protocol must cope as a matter of course.
Traffic Analysis
A Security Model need not attempt to address traffic analysis
attacks. Many traffic patterns are predictable - entities may be
managed on a regular basis by a relatively small number of
management stations - and therefore there is no significant
advantage afforded by protecting against traffic analysis.
1.5. Design Decisions
Various design decisions were made in support of the goals of the
architecture and the security requirements:
- Architecture
An architecture should be defined which identifies the
conceptual boundaries between the documents. Subsystems should
be defined which describe the abstract services provided by
specific portions of an SNMP framework. Abstract service
interfaces, as described by service primitives, define the
abstract boundaries between documents, and the abstract
services that are provided by the conceptual subsystems of an
SNMP framework.
- Self-contained Documents
Elements of procedure plus the MIB objects which are needed for
processing for a specific portion of an SNMP framework should
be defined in the same document, and as much as possible,
should not be referenced in other documents. This allows pieces
to be designed and documented as independent and self-contained
parts, which is consistent with the general SNMP MIB module
approach. As portions of SNMP change over time, the documents
describing other portions of SNMP are not directly impacted.
This modularity allows, for example, Security Models,
authentication and privacy mechanisms, and message formats to
be upgraded and supplemented as the need arises. The self-
contained documents can move along the standards track on
different time-lines.
- Threats
The Security Models in the Security Subsystem SHOULD protect
against the principal threats: modification of information,
masquerade, message stream modification and disclosure. They
do not need to protect against denial of service and traffic
analysis.
- Remote Configuration
The Security and Access Control Subsystems add a whole new set
of SNMP configuration parameters. The Security Subsystem also
requires frequent changes of secrets at the various SNMP
entities. To make this deployable in a large operational
environment, these SNMP parameters must be able to be remotely
configured.
- Controlled Complexity
It is recognized that producers of simple managed devices want
to keep the resources used by SNMP to a minimum. At the same
time, there is a need for more complex configurations which can
spend more resources for SNMP and thus provide more
functionality. The design tries to keep the competing
requirements of these two environments in balance and allows
the more complex environments to logically extend the simple
environment.
2. Documentation Overview
The following figure shows the set of documents that fit within the
SNMP Architecture.
+------------------------- Document Set ----------------------------+
+------------+ +-----------------+ +----------------+
Document * Applicability * Coexistence *
Roadmap Statement & Transition
+------------+ +-----------------+ +----------------+
+---------------------------------------------------------------+
Message Handling
+----------------+ +-----------------+ +-----------------+
Transport Message Security
Mappings Processing and
Dispatcher
+----------------+ +-----------------+ +-----------------+
+---------------------------------------------------------------+
+---------------------------------------------------------------+
PDU Handling
+----------------+ +-----------------+ +-----------------+
Protocol Applications Access
Operations Control
+----------------+ +-----------------+ +-----------------+
+---------------------------------------------------------------+
+---------------------------------------------------------------+
Information Model
+--------------+ +--------------+ +---------------+
Structure of Textual Conformance
Management Conventions Statements
Information
+--------------+ +--------------+ +---------------+
+---------------------------------------------------------------+
+---------------------------------------------------------------+
MIBs
+-------------+ +-------------+ +----------+ +----------+
Standard v1 Standard v1 Historic Draft v2
RFC1157 RFC1212 RFC14XX RFC19XX
format format format format
+-------------+ +-------------+ +----------+ +----------+
+---------------------------------------------------------------+
+-------------------------------------------------------------------+
Note: RFC14XX means RFCs 1442, 1443, and 1444. RFC19XX means RFCs
1902, 1903, and 1904.
Those marked with an asterisk (*) are expected to be written in the
future. Each of these documents may be replaced or supplemented.
This Architecture document specifically describes how new documents
fit into the set of documents in the area of Message and PDU
handling.
2.1. Document Roadmap
One or more documents may be written to describe how sets of
documents taken together form specific Frameworks. The configuration
of document sets might change over time, so the "road map" should be
maintained in a document separate from the standards documents
themselves.
2.2. Applicability Statement
SNMP is used in networks that vary widely in size and complexity, by
organizations that vary widely in their requirements of management.
Some models will be designed to address specific problems of
management, such as message security.
One or more documents may be written to describe the environments to
which certain versions of SNMP or models within SNMP would be
appropriately applied, and those to which a given model might be
inappropriately applied.
2.3. Coexistence and Transition
The purpose of an evolutionary architecture is to permit new models
to replace or supplement existing models. The interactions between
models could result in incompatibilities, security "holes", and other
undesirable effects.
The purpose of Coexistence documents is to detail recognized
anomalies and to describe required and recommended behaviors for
resolving the interactions between models within the architecture.
Coexistence documents may be prepared separately from model
definition documents, to describe and resolve interaction anomalies
between a model definition and one or more other model definitions.
Additionally, recommendations for transitions between models may also
be described, either in a coexistence document or in a separate
document.
2.4. Transport Mappings
SNMP messages are sent over various transports. It is the purpose of
Transport Mapping documents to define how the mapping between SNMP
and the transport is done.
2.5. Message Processing
A Message Processing Model document defines a message format, which
is typically identified by a version field in an SNMP message header.
The document may also define a MIB module for use in message
processing and for instrumentation of version-specific interactions.
An SNMP engine includes one or more Message Processing Models, and
thus may support sending and receiving multiple versions of SNMP
messages.
2.6. Security
Some environments require secure protocol interactions. Security is
normally applied at two different stages:
- in the transmission/receipt of messages, and
- in the processing of the contents of messages.
For purposes of this document, "security" refers to message-level
security; "access control" refers to the security applied to protocol
operations.
Authentication, encryption, and timeliness checking are common
functions of message level security.
A security document describes a Security Model, the threats against
which the model protects, the goals of the Security Model, the
protocols which it uses to meet those goals, and it may define a MIB
module to describe the data used during processing, and to allow the
remote configuration of message-level security parameters, such as
passwords.
An SNMP engine may support multiple Security Models concurrently.
2.7. Access Control
During processing, it may be required to control access to managed
objects for operations.
An Access Control Model defines mechanisms to determine whether
access to a managed object should be allowed. An Access Control
Model may define a MIB module used during processing and to allow the
remote configuration of access control policies.
2.8. Protocol Operations
SNMP messages encapsulate an SNMP Protocol Data Unit (PDU). It is the
purpose of a Protocol Operations document to define the operations of
the protocol with respect to the processing of the PDUs.
An application document defines which Protocol Operations documents
are supported by the application.
2.9. Applications
An SNMP entity normally includes a number of applications.
Applications use the services of an SNMP engine to accomplish
specific tasks. They coordinate the processing of management
information operations, and may use SNMP messages to communicate with
other SNMP entities.
Applications documents describe the purpose of an application, the
services required of the associated SNMP engine, and the protocol
operations and informational model that the application uses to
perform management operations.
An application document defines which set of documents are used to
specifically define the structure of management information, textual
conventions, conformance requirements, and operations supported by
the application.
2.10. Structure of Management Information
Management information is viewed as a collection of managed objects,
residing in a virtual information store, termed the Management
Information Base (MIB). Collections of related objects are defined in
MIB modules.
It is the purpose of a Structure of Management Information document
to establish the syntax for defining objects, modules, and other
elements of managed information.
2.11. Textual Conventions
When designing a MIB module, it is often useful to define new types
similar to those defined in the SMI, but with more precise semantics,
or which have special semantics associated with them. These newly
defined types are termed textual conventions, and may defined in
separate documents, or within a MIB module.
2.12. Conformance Statements
It may be useful to define the acceptable lower-bounds of
implementation, along with the actual level of implementation
achieved. It is the purpose of Conformance Statements to define the
notation used for these purposes.
2.13. Management Information Base Modules
MIB documents describe collections of managed objects which
instrument some ASPect of a managed node.
2.13.1. SNMP Instrumentation MIBs
An SNMP MIB document may define a collection of managed objects which
instrument the SNMP protocol itself. In addition, MIB modules may be
defined within the documents which describe portions of the SNMP
architecture, such as the documents for Message processing Models,
Security Models, etc. for the purpose of instrumenting those Models,
and for the purpose of allowing remote configuration of the Model.
2.14. SNMP Framework Documents
This architecture is designed to allow an orderly evolution of
portions of SNMP Frameworks.
Throughout the rest of this document, the term "subsystem" refers to
an abstract and incomplete specification of a portion of a Framework,
that is further refined by a model specification.
A "model" describes a specific design of a subsystem, defining
additional constraints and rules for conformance to the model. A
model is sufficiently detailed to make it possible to implement the
specification.
An "implementation" is an instantiation of a subsystem, conforming to
one or more specific models.
SNMP version 1 (SNMPv1), is the original Internet-standard Network
Management Framework, as described in RFCs 1155, 1157, and 1212.
SNMP version 2 (SNMPv2), is the SNMPv2 Framework as derived from the
SNMPv1 Framework. It is described in RFCs 1902-1907. SNMPv2 has no
message definition.
The Community-based SNMP version 2 (SNMPv2c), is an experimental SNMP
Framework which supplements the SNMPv2 Framework, as described in
RFC1901. It adds the SNMPv2c message format, which is similar to the
SNMPv1 message format.
SNMP version 3 (SNMPv3), is an extensible SNMP Framework which
supplements the SNMPv2 Framework, by supporting the following:
- a new SNMP message format,
- Security for Messages, and
- Access Control.
Other SNMP Frameworks, i.e., other configurations of implemented
subsystems, are expected to also be consistent with this
architecture.
3. Elements of the Architecture
This section describes the various elements of the architecture and
how they are named. There are three kinds of naming:
1) the naming of entities,
2) the naming of identities, and
3) the naming of management information.
This architecture also defines some names for other constructs that
are used in the documentation.
3.1. The Naming of Entities
An SNMP entity is an implementation of this architecture. Each such
SNMP entity consists of an SNMP engine and one or more associated
applications.
The following figure shows details about an SNMP entity and the
components within it.
+-------------------------------------------------------------------+
SNMP entity
+-------------------------------------------------------------+
SNMP engine (identified by snmpEngineID)
+------------+ +------------+ +-----------+ +-----------+
Dispatcher Message Security Access
Processing Subsystem Control
Subsystem Subsystem
+------------+ +------------+ +-----------+ +-----------+
+-------------------------------------------------------------+
+-------------------------------------------------------------+
Application(s)
+-------------+ +--------------+ +--------------+
Command Notification Proxy
Generator Receiver Forwarder
+-------------+ +--------------+ +--------------+
+-------------+ +--------------+ +--------------+
Command Notification Other
Responder Originator
+-------------+ +--------------+ +--------------+
+-------------------------------------------------------------+
+-------------------------------------------------------------------+
3.1.1. SNMP engine
An SNMP engine provides services for sending and receiving messages,
authenticating and encrypting messages, and controlling access to
managed objects. There is a one-to-one association between an SNMP
engine and the SNMP entity which contains it.
The engine contains:
1) a Dispatcher,
2) a Message Processing Subsystem,
3) a Security Subsystem, and
4) an Access Control Subsystem.
3.1.1.1. snmpEngineID
Within an administrative domain, an snmpEngineID is the unique and
unambiguous identifier of an SNMP engine. Since there is a one-to-one
association between SNMP engines and SNMP entities, it also uniquely
and unambiguously identifies the SNMP entity.
3.1.1.2. Dispatcher
There is only one Dispatcher in an SNMP engine. It allows for
concurrent support of multiple versions of SNMP messages in the SNMP
engine. It does so by:
- sending and receiving SNMP messages to/from the network,
- determining the version of an SNMP message and interacting with
the corresponding Message Processing Model,
- providing an abstract interface to SNMP applications for
delivery of a PDU to an application.
- providing an abstract interface for SNMP applications that
allows them to send a PDU to a remote SNMP entity.
3.1.1.3. Message Processing Subsystem
The Message Processing Subsystem is responsible for preparing
messages for sending, and extracting data from received messages.
The Message Processing Subsystem potentially contains multiple
Message Processing Models as shown in the next figure.
* One or more Message Processing Models may be present.
+------------------------------------------------------------------+
Message Processing Subsystem
+------------+ +------------+ +------------+ +------------+
* * * *
SNMPv3 SNMPv1 SNMPv2c Other
Message Message Message Message
Processing Processing Processing Processing
Model Model Model Model
+------------+ +------------+ +------------+ +------------+
+------------------------------------------------------------------+
3.1.1.3.1. Message Processing Model
Each Message Processing Model defines the format of a particular
version of an SNMP message and coordinates the preparation and
extraction of each such version-specific message format.
3.1.1.4. Security Subsystem
The Security Subsystem provides security services such as the
authentication and privacy of messages and potentially contains
multiple Security Models as shown in the following figure
* One or more Security Models may be present.
+------------------------------------------------------------------+
Security Subsystem
+----------------+ +-----------------+ +-------------------+
* * *
User-Based Other Other
Security Security Security
Model Model Model
+----------------+ +-----------------+ +-------------------+
+------------------------------------------------------------------+
3.1.1.4.1. Security Model
A Security Model defines the threats against which it protects, the
goals of its services, and the security protocols used to provide
security services such as authentication and privacy.
3.1.1.4.2. Security Protocol
A Security Protocol defines the mechanisms, procedures, and MIB data
used to provide a security service such as authentication or privacy.
3.1.2. Access Control Subsystem
The Access Control Subsystem provides authorization services by means
of one or more Access Control Models.
+------------------------------------------------------------------+
Access Control Subsystem
+---------------+ +-----------------+ +------------------+
* * *
View-Based Other Other
Access Access Access
Control Control Control
Model Model Model
+---------------+ +-----------------+ +------------------+
+------------------------------------------------------------------+
3.1.2.1. Access Control Model
An Access Control Model defines a particular access decision function
in order to support decisions regarding access rights.
3.1.3. Applications
There are several types of applications, including:
- command generators, which monitor and manipulate management
data,
- command responders, which provide access to management data,
- notification originators, which initiate asynchronous messages,
- notification receivers, which process asynchronous messages,
and
- proxy forwarders, which forward messages between entities.
These applications make use of the services provided by the SNMP
engine.
3.1.3.1. SNMP Manager
An SNMP entity containing one or more command generator and/or
notification receiver applications (along with their associated SNMP
engine) has traditionally been called an SNMP manager. * One or more
models may be present.
(traditional SNMP manager)
+-------------------------------------------------------------------+
+--------------+ +--------------+ +--------------+ SNMP entity
NOTIFICATION NOTIFICATION COMMAND
ORIGINATOR RECEIVER GENERATOR
applications applications applications
+--------------+ +--------------+ +--------------+
^ ^ ^
v v v
+-------+--------+-----------------+
^
+---------------------+ +----------------+
Message Processing Security
Dispatcher v Subsystem Subsystem
+-------------------+ +------------+
PDU Dispatcher +-> v1MP * <---> +------------+
+------------+ Other
+------------+ Security
+-> v2cMP * <---> Model
Message +------------+ +------------+
Dispatcher <--------->+
+------------+ +------------+
+-> v3MP * <---> User-based
Transport +------------+ Security
Mapping +------------+ Model
(e.g RFC1906) +-> otherMP * <---> +------------+
+-------------------+ +------------+
^ +---------------------+ +----------------+
v
+-------------------------------------------------------------------+
+-----+ +-----+ +-------+
UDP IPX . . . other
+-----+ +-----+ +-------+
^ ^ ^
v v v
+------------------------------+
Network
+------------------------------+
3.1.3.2. SNMP Agent
An SNMP entity containing one or more command responder and/or
notification originator applications (along with their associated
SNMP engine) has traditionally been called an SNMP agent.
+------------------------------+
Network
+------------------------------+
^ ^ ^
v v v
+-----+ +-----+ +-------+
UDP IPX . . . other
+-----+ +-----+ +-------+ (traditional SNMP agent)
+-------------------------------------------------------------------+
^
+---------------------+ +----------------+
Message Processing Security
Dispatcher v Subsystem Subsystem
+-------------------+ +------------+
Transport +-> v1MP * <---> +------------+
Mapping +------------+ Other
(e.g. RFC1906) +------------+ Security
+-> v2cMP * <---> Model
Message +------------+ +------------+
Dispatcher <---------> +------------+ +------------+
+-> v3MP * <---> User-based
+------------+ Security
PDU Dispatcher +------------+ Model
+-------------------+ +-> otherMP * <---> +------------+
^ +------------+
+---------------------+ +----------------+
v
+-------+-------------------------+---------------+
^ ^ ^
v v v
+-------------+ +---------+ +--------------+ +-------------+
COMMAND ACCESS NOTIFICATION PROXY *
RESPONDER <-> CONTROL <-> ORIGINATOR FORWARDER
application applications application
+-------------+ +---------+ +--------------+ +-------------+
^ ^
v v
+----------------------------------------------+
MIB instrumentation SNMP entity
+-------------------------------------------------------------------+
3.2. The Naming of Identities
principal
^
+-----------------------------------------+
SNMP engine v
+--------------+
+----------------- securityName ---+
Security Model
+--------------+
^
v
+------------------------------+
Model
Dependent
Security ID
+------------------------------+
^
+-----------------------------------+
+-----------------------------------------+
v
network
3.2.1. Principal
A principal is the "who" on whose behalf services are provided or
processing takes place.
A principal can be, among other things, an individual acting in a
particular role; a set of individuals, with each acting in a
particular role; an application or a set of applications; and
combinations thereof.
3.2.2. securityName
A securityName is a human readable string representing a principal.
It has a model-independent format, and can be used outside a
particular Security Model.
3.2.3. Model-dependent security ID
A model-dependent security ID is the model-specific representation of
a securityName within a particular Security Model.
Model-dependent security IDs may or may not be human readable, and
have a model-dependent syntax. Examples include community names, user
names, and parties.
The transformation of model-dependent security IDs into securityNames
and vice versa is the responsibility of the relevant Security Model.
3.3. The Naming of Management Information
Management information resides at an SNMP entity where a Command
Responder Application has local access to potentially multiple
contexts. This application uses a contextEngineID equal to the
snmpEngineID of its associated SNMP engine.
+-----------------------------------------------------------------+
SNMP entity (identified by snmpEngineID, example: abcd)
+------------------------------------------------------------+
SNMP engine (identified by snmpEngineID)
+-------------+ +------------+ +-----------+ +-----------+
Dispatcher Message Security Access
Processing Subsystem Control
Subsystem Subsystem
+-------------+ +------------+ +-----------+ +-----------+
+------------------------------------------------------------+
+------------------------------------------------------------+
Command Responder Application
(contextEngineID, example: abcd)
example contextNames:
"bridge1" "bridge2" "" (default)
--------- --------- ------------
+---------------------------------------------------------+
+---------------------------------------------------------+
MIB instrumentation
+---v------------+ +---v------------+ +----v-----------+
context context context
+------------+ +------------+ +------------+
bridge MIB bridge MIB other MIB
+------------+ +------------+ +------------+
+------------+
some MIB
+------------+
+-----------------------------------------------------------------+
3.3.1. An SNMP Context
An SNMP context, or just "context" for short, is a collection of
management information accessible by an SNMP entity. An item of
management information may exist in more than one context. An SNMP
entity potentially has access to many contexts.
Typically, there are many instances of each managed object type
within a management domain. For simplicity, the method for
identifying instances specified by the MIB module does not allow each
instance to be distinguished amongst the set of all instances within
a management domain; rather, it allows each instance to be identified
only within some scope or "context", where there are multiple such
contexts within the management domain. Often, a context is a
physical device, or perhaps, a logical device, although a context can
also encompass multiple devices, or a subset of a single device, or
even a subset of multiple devices, but a context is always defined as
a subset of a single SNMP entity. Thus, in order to identify an
individual item of management information within the management
domain, its contextName and contextEngineID must be identified in
addition to its object type and its instance.
For example, the managed object type ifDescr [RFC1573], is defined as
the description of a network interface. To identify the description
of device-X"s first network interface, four pieces of information are
needed: the snmpEngineID of the SNMP entity which provides access to
the management information at device-X, the contextName (device-X),
the managed object type (ifDescr), and the instance ("1").
Each context has (at least) one unique identification within the
management domain. The same item of management information can exist
in multiple contexts. An item of management information may have
multiple unique identifications. This occurs when an item of
management information exists in multiple contexts, and this also
occurs when a context has multiple unique identifications.
The combination of a contextEngineID and a contextName unambiguously
identifies a context within an administrative domain; note that there
may be multiple unique combinations of contextEngineID and
contextName that unambiguously identify the same context.
3.3.2. contextEngineID
Within an administrative domain, a contextEngineID uniquely
identifies an SNMP entity that may realize an instance of a context
with a particular contextName.
3.3.3. contextName
A contextName is used to name a context. Each contextName MUST be
unique within an SNMP entity.
3.3.4. scopedPDU
A scopedPDU is a block of data containing a contextEngineID, a
contextName, and a PDU.
The PDU is an SNMP Protocol Data Unit containing information named in
the context which is unambiguously identified within an
administrative domain by the combination of the contextEngineID and
the contextName. See, for example, RFC1905 for more information about
SNMP PDUs.
3.4. Other Constructs
3.4.1. maxSizeResponseScopedPDU
The maxSizeResponseScopedPDU is the maximum size of a scopedPDU to be
included in a response message. Note that the size of a scopedPDU
does not include the size of the SNMP message header.
3.4.2. Local Configuration Datastore
The subsystems, models, and applications within an SNMP entity may
need to retain their own sets of configuration information.
Portions of the configuration information may be accessible as
managed objects.
The collection of these sets of information is referred to as an
entity"s Local Configuration Datastore (LCD).
3.4.3. securityLevel
This architecture recognizes three levels of security:
- without authentication and without privacy (noAuthNoPriv)
- with authentication but without privacy (authNoPriv)
- with authentication and with privacy (authPriv)
These three values are ordered such that noAuthNoPriv is less than
authNoPriv and authNoPriv is less than authPriv.
Every message has an associated securityLevel. All Subsystems
(Message Processing, Security, Access Control) and applications are
required to either supply a value of securityLevel or to abide by the
supplied value of securityLevel while processing the message and its
contents.
4. Abstract Service Interfaces
Abstract service interfaces have been defined to describe the
conceptual interfaces between the various subsystems within an SNMP
entity.
These abstract service interfaces are defined by a set of primitives
that define the services provided and the abstract data elements that
are to be passed when the services are invoked. This section lists
the primitives that have been defined for the various subsystems.
4.1. Dispatcher Primitives
The Dispatcher typically provides services to the SNMP applications
via its PDU Dispatcher. This section describes the primitives
provided by the PDU Dispatcher.
4.1.1. Generate Outgoing Request or Notification
The PDU Dispatcher provides the following primitive for an
application to send an SNMP Request or Notification to another SNMP
entity:
statusInformation = -- sendPduHandle if success
-- errorIndication if failure
sendPdu(
IN transportDomain -- transport domain to be used
IN transportAddress -- transport address to be used
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model to use
IN securityName -- on behalf of this principal
IN securityLevel -- Level of Security requested
IN contextEngineID -- data from/at this entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN expectResponse -- TRUE or FALSE
)
4.1.2. Process Incoming Request or Notification PDU
The PDU Dispatcher provides the following primitive to pass an
incoming SNMP PDU to an application:
processPdu( -- process Request/Notification PDU
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model in use
IN securityName -- on behalf of this principal
IN securityLevel -- Level of Security
IN contextEngineID -- data from/at this SNMP entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN maxSizeResponseScopedPDU -- maximum size of the Response PDU
IN stateReference -- reference to state information
) -- needed when sending a response
4.1.3. Generate Outgoing Response
The PDU Dispatcher provides the following primitive for an
application to return an SNMP Response PDU to the PDU Dispatcher:
returnResponsePdu(
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model in use
IN securityName -- on behalf of this principal
IN securityLevel -- same as on incoming request
IN contextEngineID -- data from/at this SNMP entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN maxSizeResponseScopedPDU -- maximum size of the Response PDU
IN stateReference -- reference to state information
-- as presented with the request
IN statusInformation -- success or errorIndication
) -- error counter OID/value if error
4.1.4. Process Incoming Response PDU
The PDU Dispatcher provides the following primitive to pass an
incoming SNMP Response PDU to an application:
processResponsePdu( -- process Response PDU
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model in use
IN securityName -- on behalf of this principal
IN securityLevel -- Level of Security
IN contextEngineID -- data from/at this SNMP entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN statusInformation -- success or errorIndication
IN sendPduHandle -- handle from sendPdu
)
4.1.5. Registering Responsibility for Handling SNMP PDUs
Applications can register/unregister responsibility for a specific
contextEngineID, for specific pduTypes, with the PDU Dispatcher
according to the following primitives. The list of particular
pduTypes that an application can register for is determined by the
Message Processing Model(s) supported by the SNMP entity that
contains the PDU Dispatcher.
statusInformation = -- success or errorIndication
registerContextEngineID(
IN contextEngineID -- take responsibility for this one
IN pduType -- the pduType(s) to be registered
)
unregisterContextEngineID(
IN contextEngineID -- give up responsibility for this one
IN pduType -- the pduType(s) to be unregistered
)
Note that realizations of the registerContextEngineID and
unregisterContextEngineID abstract service interfaces may provide
implementation-specific ways for applications to register/deregister
responsiblity for all possible values of the contextEngineID or
pduType parameters.
4.2. Message Processing Subsystem Primitives
The Dispatcher interacts with a Message Processing Model to process a
specific version of an SNMP Message. This section describes the
primitives provided by the Message Processing Subsystem.
4.2.1. Prepare Outgoing SNMP Request or Notification Message
The Message Processing Subsystem provides this service primitive for
preparing an outgoing SNMP Request or Notification Message:
statusInformation = -- success or errorIndication
prepareOutgoingMessage(
IN transportDomain -- transport domain to be used
IN transportAddress -- transport address to be used
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- Security Model to use
IN securityName -- on behalf of this principal
IN securityLevel -- Level of Security requested
IN contextEngineID -- data from/at this entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN expectResponse -- TRUE or FALSE
IN sendPduHandle -- the handle for matching
-- incoming responses
OUT destTransportDomain -- destination transport domain
OUT destTransportAddress -- destination transport address
OUT outgoingMessage -- the message to send
OUT outgoingMessageLength -- its length
)
4.2.2. Prepare an Outgoing SNMP Response Message
The Message Processing Subsystem provides this service primitive for
preparing an outgoing SNMP Response Message:
result = -- SUCCESS or FAILURE
prepareResponseMessage(
IN messageProcessingModel -- typically, SNMP version
IN securityModel -- same as on incoming request
IN securityName -- same as on incoming request
IN securityLevel -- same as on incoming request
IN contextEngineID -- data from/at this SNMP entity
IN contextName -- data from/in this context
IN pduVersion -- the version of the PDU
IN PDU -- SNMP Protocol Data Unit
IN maxSizeResponseScopedPDU -- maximum size of the Response PDU
IN stateReference -- reference to state information
-- as presented with the request
IN statusInformation -- success or errorIndication
-- error counter OID/value if error
OUT destTransportDomain -- destination transport domain
OUT destTransportAddress -- destination transport address
OUT outgoingMessage -- the message to send
OUT outgoingMessageLength -- its length
)
4.2.3. Prepare Data Elements from an Incoming SNMP Message
The Message Processing Subsystem provides this service primitive for
preparing the abstract data elements from an incoming SNMP message:
result = -- SUCCESS or errorIndication
prepareDataElements(
IN transportDomain -- origin transport domain
IN transportAddress -- origin transport address
IN wholeMsg -- as received from the network
IN wholeMsgLength -- as received from the network
OUT messageProcessingModel -- typically, SNMP version
OUT securityModel -- Security Model to use
OUT securityName -- on behalf of this principal
OUT securityLevel -- Level of Security requested
OUT contextEngineID -- data from/at this entity
OUT contextName -- data from/in this context
OUT pduVersion -- the version of the PDU
OUT PDU -- SNMP Protocol Data Unit
OUT pduType -- SNMP PDU type
OUT sendPduHandle -- handle for matched request
OUT maxSizeResponseScopedPDU -- maximum size of the Response PDU
OUT statusInformation -- success or errorIndication
-- error counter OID/value if error
OUT stateReference -- reference to state information
-- to be used for possible Response
)
4.3. Access Control Subsystem Primitives
Applications are the typical clients of the service(s) of the Access
Control Subsystem.
The following primitive is provided by the Access Control Subsystem
to check if access is allowed:
statusInformation = -- success or errorIndication
isAccessAllowed(
IN securityModel -- Security Model in use
IN securityName -- principal who wants to access
IN securityLevel -- Level of Security
IN viewType -- read, write, or notify view
IN contextName -- context containing variableName
IN variableName -- OID for the managed object
)
4.4. Security Subsystem Primitives
The Message Processing Subsystem is the typical client of the
services of the Security Subsystem.
4.4.1. Generate a Request or Notification Message
The Security Subsystem provides the following primitive to generate a
Request or Notification message:
statusInformation =
generateRequestMsg(
IN messageProcessingModel -- typically, SNMP version
IN globalData -- message header, admin data
IN maxMessageSize -- of the sending SNMP entity
IN securityModel -- for the outgoing message
IN securityEngineID -- authoritative SNMP entity
IN securityName -- on behalf of this principal
IN securityLevel -- Level of Security requested
IN scopedPDU -- message (plaintext) payload
OUT securityParameters -- filled in by Security Module
OUT wholeMsg -- complete generated message
OUT wholeMsgLength -- length of the generated message
)
4.4.2. Process Incoming Message
The Security Subsystem provides the following primitive to process an
incoming message:
statusInformation = -- errorIndication or success
-- error counter OID/value if error
processIncomingMsg(
IN messageProcessingModel -- typically, SNMP version
IN maxMessageSize -- of the sending SNMP entity
IN securityParameters -- for the received message
IN securityModel -- for the received message
IN securityLevel -- Level of Security
IN wholeMsg -- as received on the wire
IN wholeMsgLength -- length as received on the wire
OUT securityEngineID -- identification of the principal
OUT securityName -- identification of the principal
OUT scopedPDU, -- message (plaintext) payload
OUT maxSizeResponseScopedPDU -- maximum size of the Response PDU
OUT securityStateReference -- reference to security state
) -- information, needed for response
4.4.3. Generate a Response Message
The Security Subsystem provides the following primitive to generate a
Response message:
statusInformation =
generateResponseMsg(
IN messageProcessingModel -- typically, SNMP version
IN globalData -- message header, admin data
IN maxMessageSize -- of the sending SNMP entity
IN securityModel -- for the outgoing message
IN securityEngineID -- authoritative SNMP entity
IN securityName -- on behalf of this principal
IN securityLevel -- for the outgoing message
IN scopedPDU -- message (plaintext) payload
IN securityStateReference -- reference to security state
-- information from original request
OUT securityParameters -- filled in by Security Module
OUT wholeMsg -- complete generated message
OUT wholeMsgLength -- length of the generated message
)
4.5. Common Primitives
These primitive(s) are provided by multiple Subsystems.
4.5.1. Release State Reference Information
All Subsystems which pass stateReference information also provide a
primitive to release the memory that holds the referenced state
information:
stateRelease(
IN stateReference -- handle of reference to be released
)
4.6. Scenario Diagrams
4.6.1. Command Generator or Notification Originator
This diagram shows how a Command Generator or Notification Originator
application requests that a PDU be sent, and how the response is
returned (asynchronously) to that application.
Command Dispatcher Message Security
Generator Processing Model
Model
sendPdu
------------------->
prepareOutgoingMessage
: ----------------------->
: generateRequestMsg
: -------------------->
:
: <--------------------
:
: <-----------------------
:
: ------------------+
: Send SNMP
: Request Message
: to Network
: v
: : : : :
: : : : :
: : : : :
:
: Receive SNMP
: Response Message
: from Network
: <-----------------+
:
: prepareDataElements
: ----------------------->
: processIncomingMsg
: -------------------->
:
: <--------------------
:
: <-----------------------
processResponsePdu
<-------------------
4.6.2. Scenario Diagram for a Command Responder Application
This diagram shows how a Command Responder or Notification Receiver
application registers for handling a pduType, how a PDU is dispatched
to the application after a SNMP message is received, and how the
Response is (asynchronously) send back to the network.
Command Dispatcher Message Security
Responder Processing Model
Model
registerContextEngineID
------------------------>
<------------------------
Receive SNMP
: Message
: from Network
: <-------------+
:
: prepareDataElements
: ------------------->
: processIncomingMsg
: ------------------->
:
: <-------------------
:
: <-------------------
processPdu
<------------------------
: : : :
: : : :
returnResponsePdu
------------------------>
: prepareResponseMsg
: ------------------->
: generateResponseMsg
: ------------------->
:
: <-------------------
:
: <-------------------
:
: --------------+
: Send SNMP
: Message
: to Network
: v
5. Managed Object Definitions for SNMP Management Frameworks
SNMP-FRAMEWORK-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE,
OBJECT-IDENTITY,
snmpModules FROM SNMPv2-SMI
TEXTUAL-CONVENTION FROM SNMPv2-TC
MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF;
snmpFrameworkMIB MODULE-IDENTITY
LAST-UPDATED "9711200000Z" -- 20 November 1997
ORGANIZATION "SNMPv3 Working Group"
CONTACT-INFO "WG-email: snmpv3@tis.com
Subscribe: majordomo@tis.com
In message body: subscribe snmpv3
Chair: Russ Mundy
Trusted Information Systems
postal: 3060 Washington Rd
Glenwood MD 21738
USA
email: mundy@tis.com
phone: +1 301-854-6889
Co-editor Dave Harrington
Cabletron Systems, Inc.
postal: Post Office Box 5005
Mail Stop: Durham
35 Industrial Way
Rochester, NH 03867-5005
USA
email: dbh@ctron.com
phone: +1