draft-ietf-snmpv3-coex-06.txt   draft-ietf-snmpv3-coex-07.txt 
skipping to change at page 1, line 13 skipping to change at page 1, line 13
INTERNET-DRAFT Rob Frye INTERNET-DRAFT Rob Frye
CoSine Communications CoSine Communications
David B. Levi David B. Levi
Nortel Networks Nortel Networks
Shawn A. Routhier Shawn A. Routhier
Integrated Systems Inc. Integrated Systems Inc.
Bert Wijnen Bert Wijnen
IBM T.J. Watson Research IBM T.J. Watson Research
Coexistence between Version 1, Version 2, and Version 3 Coexistence between Version 1, Version 2, and Version 3
of the Internet-standard Network Management Framework of the Internet-standard Network Management Framework
<draft-ietf-snmpv3-coex-06.txt> <draft-ietf-snmpv3-coex-07.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. Internet-Drafts are working all provisions of Section 10 of RFC2026. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
skipping to change at page 3, line 16 skipping to change at page 3, line 16
1 Overview ..................................................... 4 1 Overview ..................................................... 4
1.1 SNMPv1 ..................................................... 4 1.1 SNMPv1 ..................................................... 4
1.2 SNMPv2 ..................................................... 5 1.2 SNMPv2 ..................................................... 5
1.3 SNMPv3 ..................................................... 6 1.3 SNMPv3 ..................................................... 6
1.4 SNMPv1 and SNMPv2 Access to MIB Data ....................... 6 1.4 SNMPv1 and SNMPv2 Access to MIB Data ....................... 6
2 SMI and Management Information Mappings ...................... 8 2 SMI and Management Information Mappings ...................... 8
2.1 MIB Modules ................................................ 8 2.1 MIB Modules ................................................ 8
2.1.1 Object Definitions ....................................... 8 2.1.1 Object Definitions ....................................... 8
2.1.2 Trap and Notification Definitions ........................ 11 2.1.2 Trap and Notification Definitions ........................ 11
2.2 Compliance Statements ...................................... 11 2.2 Compliance Statements ...................................... 12
2.3 Capabilities Statements .................................... 12 2.3 Capabilities Statements .................................... 12
3 Translating Notifications Parameters ......................... 13 3 Translating Notifications Parameters ......................... 13
3.1 Translating SNMPv1 Notification Parameters to SNMPv2 3.1 Translating SNMPv1 Notification Parameters to SNMPv2
Notification Parameters ................................... 14 Notification Parameters ................................... 14
3.2 Translating SNMPv2 Notification Parameters to SNMPv1 3.2 Translating SNMPv2 Notification Parameters to SNMPv1
Notification Parameters ................................... 15 Notification Parameters ................................... 15
4 Approaches to Coexistence in a Multi-lingual Network ......... 18 4 Approaches to Coexistence in a Multi-lingual Network ......... 18
4.1 Multi-lingual implementations .............................. 18 4.1 Multi-lingual implementations .............................. 18
4.1.1 Command Generator ........................................ 18 4.1.1 Command Generator ........................................ 18
4.1.2 Command Responder ........................................ 19 4.1.2 Command Responder ........................................ 19
4.1.2.1 Handling Counter64 ..................................... 19 4.1.2.1 Handling Counter64 ..................................... 19
4.1.2.2 Mapping SNMPv2 Exceptions .............................. 20 4.1.2.2 Mapping SNMPv2 Exceptions .............................. 20
4.1.2.2.1 Mapping noSuchObject and noSuchInstance .............. 21 4.1.2.2.1 Mapping noSuchObject and noSuchInstance .............. 21
4.1.2.2.2 Mapping endOfMibView ................................. 21 4.1.2.2.2 Mapping endOfMibView ................................. 21
4.1.2.3 Processing An SNMPv1 GetRequest ........................ 21 4.1.2.3 Processing An SNMPv1 GetRequest ........................ 21
4.1.2.4 Processing An SNMPv1 GetNextRequest .................... 22 4.1.2.4 Processing An SNMPv1 GetNextRequest .................... 22
4.1.2.5 Processing An SNMPv1 SetRequest ........................ 24 4.1.2.5 Processing An SNMPv1 SetRequest ........................ 24
4.1.2.6 Translation of authorizationError ...................... 24
4.1.3 Notification Originator .................................. 24 4.1.3 Notification Originator .................................. 24
4.1.4 Notification Receiver .................................... 25 4.1.4 Notification Receiver .................................... 25
4.2 Proxy Implementations ...................................... 25 4.2 Proxy Implementations ...................................... 25
4.2.1 Upstream Version Greater Than Downstream Version ......... 26 4.2.1 Upstream Version Greater Than Downstream Version ......... 25
4.2.2 Upstream Version Less Than Downstream Version ............ 27 4.2.2 Upstream Version Less Than Downstream Version ............ 26
4.3 Error Status Mappings ...................................... 28 4.3 Error Status Mappings ...................................... 28
5 Message Processing Models and Security Models ................ 30 5 Message Processing Models and Security Models ................ 30
5.1 Mappings ................................................... 30 5.1 Mappings ................................................... 30
5.2 The SNMPv1 MP Model and SNMPv1 Community-based Security 5.2 The SNMPv1 MP Model and SNMPv1 Community-based Security
Model ..................................................... 30 Model ..................................................... 30
5.2.1 Processing An Incoming Request ........................... 31 5.2.1 Processing An Incoming Request ........................... 31
5.2.2 Generating An Outgoing Response .......................... 33 5.2.2 Generating An Outgoing Response .......................... 33
5.2.3 Generating An Outgoing Notification ...................... 33 5.2.3 Generating An Outgoing Notification ...................... 33
5.3 The SNMP Community MIB Module .............................. 34 5.3 The SNMP Community MIB Module .............................. 34
6 Intellectual Property ........................................ 45 6 Intellectual Property ........................................ 45
7 Acknowledgments .............................................. 46 7 Acknowledgments .............................................. 46
8 Security Considerations ...................................... 47 8 Security Considerations ...................................... 47
9 References ................................................... 48 9 References ................................................... 48
10 Editor's Address ............................................ 50 10 Editor's Addresses .......................................... 50
A. Full Copyright Statement .................................... 51 A. Full Copyright Statement .................................... 51
1. Overview 1. Overview
The purpose of this document is to describe coexistence between The purpose of this document is to describe coexistence between
version 3 of the Internet-standard Network Management Framework, version 3 of the Internet-standard Network Management Framework,
termed the SNMP version 3 framework (SNMPv3), version 2 of the termed the SNMP version 3 framework (SNMPv3), version 2 of the
Internet-standard Network Management Framework, termed the SNMP Internet-standard Network Management Framework, termed the SNMP
version 2 framework (SNMPv2), and the original Internet-standard version 2 framework (SNMPv2), and the original Internet-standard
Network Management Framework (SNMPv1). Network Management Framework (SNMPv1).
skipping to change at page 9, line 37 skipping to change at page 9, line 37
have a DESCRIPTION clause defined. have a DESCRIPTION clause defined.
(9) For any object corresponding to a conceptual row which does not (9) For any object corresponding to a conceptual row which does not
have an INDEX clause, the object MUST have either an INDEX clause have an INDEX clause, the object MUST have either an INDEX clause
or an AUGMENTS clause defined. or an AUGMENTS clause defined.
(10) If any INDEX clause contains a reference to an object with a syntax (10) If any INDEX clause contains a reference to an object with a syntax
of NetworkAddress, then a new object MUST be created and placed in of NetworkAddress, then a new object MUST be created and placed in
this INDEX clause immediately preceding the object whose syntax is this INDEX clause immediately preceding the object whose syntax is
NetworkAddress. This new object MUST have a syntax of INTEGER, it NetworkAddress. This new object MUST have a syntax of INTEGER, it
MUST be not-accessible, and its value MUST always be 1. MUST be not-accessible, and its value MUST always be 1. This
approach allows one to convert a MIB module in SMIv1 format to one
in SMIv2 format, and then use it wih the SNMPv1 protocol with no
impact to existing SNMPv1 agents and managers.
(11) For any object with a SYNTAX of NetworkAddress, the SYNTAX MUST be (11) For any object with a SYNTAX of NetworkAddress, the SYNTAX MUST be
changed to IpAddress. Note that the use of NetworkAddress in new changed to IpAddress. Note that the use of NetworkAddress in new
MIB documents is strongly discouraged (in fact, new MIB documents MIB documents is strongly discouraged (in fact, new MIB documents
should be written using SMIv2, which does not define should be written using SMIv2, which does not define
NetworkAddress). NetworkAddress).
(12) For any object containing a DEFVAL clause with an OBJECT IDENTIFIER (12) For any object containing a DEFVAL clause with an OBJECT IDENTIFIER
value which is expressed as a collection of sub-identifiers, the value which is expressed as a collection of sub-identifiers, the
value MUST be changed to reference a single ASN.1 identifier. This value MUST be changed to reference a single ASN.1 identifier. This
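Review bot: The sentence added to item (10) in -07 contains a typo: "use it wih the SNMPv1 protocol" should read "with". The same sentence asserts "no impact to existing SNMPv1 agents and managers" without saying why a not-accessible INTEGER index whose value is always 1 achieves that; a short clause of rationale would make the requirement easier to verify.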
skipping to change at page 16, line 11 skipping to change at page 16, line 11
snmpTrapEnterprise.0 if that variable-binding exists. If it snmpTrapEnterprise.0 if that variable-binding exists. If it
does not exist, the SNMPv1 enterprise parameter SHALL be set does not exist, the SNMPv1 enterprise parameter SHALL be set
to the value 'snmpTraps' as defined in RFC1907 [12]. to the value 'snmpTraps' as defined in RFC1907 [12].
- If the SNMPv2 snmpTrapOID parameter is not one of the standard - If the SNMPv2 snmpTrapOID parameter is not one of the standard
traps as defined in RFC1907 [12], then the SNMPv1 enterprise traps as defined in RFC1907 [12], then the SNMPv1 enterprise
parameter SHALL be determined from the SNMPv2 snmpTrapOID parameter SHALL be determined from the SNMPv2 snmpTrapOID
parameter as follows: parameter as follows:
- If the next-to-last sub-identifier of the snmpTrapOID is - If the next-to-last sub-identifier of the snmpTrapOID is
zero, then the SMIv1 enterprise SHALL be the SNMPv2 zero, then the SNMPv1 enterprise SHALL be the SNMPv2
snmpTrapOID with the last 2 sub-identifiers removed, snmpTrapOID with the last 2 sub-identifiers removed,
otherwise otherwise
- If the next-to-last sub-identifier of the snmpTrapOID is - If the next-to-last sub-identifier of the snmpTrapOID is
non-zero, then the SMIv1 enterprise SHALL be the SNMPv2 non-zero, then the SNMPv1 enterprise SHALL be the SNMPv2
snmpTrapOID with the last sub-identifier removed. snmpTrapOID with the last sub-identifier removed.
(2) The SNMPv1 agent-addr parameter SHALL be determined based on the (2) The SNMPv1 agent-addr parameter SHALL be determined based on the
situation in which the translation occurs. situation in which the translation occurs.
- If the translation occurs within a notification originator - If the translation occurs within a notification originator
application, and the notification is to be sent over IP, the application, and the notification is to be sent over IP, the
SNMPv1 agent-addr parameter SHALL be set to the IP address of SNMPv1 agent-addr parameter SHALL be set to the IP address of
the SNMP entity in which the notification originator resides. the SNMP entity in which the notification originator resides.
If the notification is to be sent over some other transport, If the notification is to be sent over some other transport,
skipping to change at page 24, line 24 skipping to change at page 24, line 24
- The error status SHALL be translated to an SNMPv1 error-status - The error status SHALL be translated to an SNMPv1 error-status
using the table in section 4.3, "Error Status Mappings". using the table in section 4.3, "Error Status Mappings".
- The error-index SHALL be set to the position (in the original - The error-index SHALL be set to the position (in the original
request) of the variable binding that caused the error-status. request) of the variable binding that caused the error-status.
- The variable binding list of the response PDU SHALL be made - The variable binding list of the response PDU SHALL be made
exactly the same as the variable binding list that was exactly the same as the variable binding list that was
received in the original request. received in the original request.
4.1.2.6. Translation of authorizationError
Whenever the SNMPv2 error-status value of authorizationError is
translated to an SNMPv1 error-status value of noSuchName, the value
of snmpInBadCommunityUses MUST be incremented.
4.1.3. Notification Originator 4.1.3. Notification Originator
A notification originator must be able to translate between SNMPv1 A notification originator must be able to translate between SNMPv1
notifications parameters and SNMPv2 notification parameters in order notifications parameters and SNMPv2 notification parameters in order
to send a notification using a particular SNMP message version. If a to send a notification using a particular SNMP message version. If a
notification is generated using SNMPv1 notification parameters, and notification is generated using SNMPv1 notification parameters, and
configuration information specifies that notifications be sent using configuration information specifies that notifications be sent using
SNMPv2c or SNMPv3, the notification parameters must be translated to SNMPv2c or SNMPv3, the notification parameters must be translated to
SNMPv2 notification parameters. Likewise, if a notification is SNMPv2 notification parameters. Likewise, if a notification is
generated using SNMPv2 notification parameters, and configuration generated using SNMPv2 notification parameters, and configuration
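Review bot: New section 4.1.2.6 places the snmpInBadCommunityUses requirement under 4.1.2 (Command Responder), whereas in -06 the same sentence followed the table in 4.3 and so read as applying wherever that table is used. The text still says "Whenever ... is translated", so it should state explicitly whether translations performed by a proxy forwarder (section 4.2) must also increment the counter. Otherwise implementations may count authorization failures on one path and not the other.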
skipping to change at page 25, line 46 skipping to change at page 25, line 38
accomplished in a proxy forwarder application by performing accomplished in a proxy forwarder application by performing
translations on PDUs. These translations depend on the PDU type, the translations on PDUs. These translations depend on the PDU type, the
SNMP version of the packet containing a received PDU, and the SNMP SNMP version of the packet containing a received PDU, and the SNMP
version to be used to forward a received PDU. The following sections version to be used to forward a received PDU. The following sections
describe these translations. In all cases other than those described describe these translations. In all cases other than those described
below, the proxy SHALL forward a received PDU without change, subject below, the proxy SHALL forward a received PDU without change, subject
to size contraints as defined in section 5.3 (Community MIB) of this to size contraints as defined in section 5.3 (Community MIB) of this
document. Note that in the following sections, the 'Upstream document. Note that in the following sections, the 'Upstream
Version' refers to the version used between the command generator and Version' refers to the version used between the command generator and
the proxy, and the 'Downstream Version' refers to the version used the proxy, and the 'Downstream Version' refers to the version used
between the proxy and the command responder. between the proxy and the command responder, regardless of the PDU
type or direction.
4.2.1. Upstream Version Greater Than Downstream Version 4.2.1. Upstream Version Greater Than Downstream Version
- If a GetBulkRequest-PDU is received and must be forwarded - If a GetBulkRequest-PDU is received and must be forwarded
using the SNMPv1 message version, the proxy forwarder SHALL using the SNMPv1 message version, the proxy forwarder SHALL
set the non-repeaters and max-repetitions fields to 0, and set the non-repeaters and max-repetitions fields to 0, and
SHALL set the tag of the PDU to GetNextRequest-PDU. SHALL set the tag of the PDU to GetNextRequest-PDU.
- If a GetResponse-PDU is received whose error-status field has - If a GetResponse-PDU is received whose error-status field has
a value of 'tooBig', the message will be forwarded using the a value of 'tooBig', the message will be forwarded using the
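Review bot: The added "regardless of the PDU type or direction" still defines upstream and downstream only in terms of the command generator and the command responder, which leaves the reader to infer which side is upstream when the forwarded PDU is a notification. Naming the notification roles in the definition would remove the ambiguity. Separately, "size contraints" in the unchanged text of this paragraph should read "constraints".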
skipping to change at page 30, line 5 skipping to change at page 29, line 13
inconsistentValue badValue inconsistentValue badValue
noAccess noSuchName noAccess noSuchName
notWritable noSuchName notWritable noSuchName
noCreation noSuchName noCreation noSuchName
inconsistentName noSuchName inconsistentName noSuchName
resourceUnavailable genErr resourceUnavailable genErr
commitFailed genErr commitFailed genErr
undoFailed genErr undoFailed genErr
authorizationError noSuchName authorizationError noSuchName
Whenever the SNMPv2 error-status value of authorizationError is
translated to an SNMPv1 error-status value of noSuchName, the value
of snmpInBadCommunityUses MUST be incremented.
5. Message Processing Models and Security Models 5. Message Processing Models and Security Models
In order to adapt SNMPv1 (and SNMPv2c) into the SNMP architecture, In order to adapt SNMPv1 (and SNMPv2c) into the SNMP architecture,
the following models are defined in this document: the following models are defined in this document:
- The SNMPv1 Message Processing Model - The SNMPv1 Message Processing Model
- The SNMPv1 Community-Based Security Model - The SNMPv1 Community-Based Security Model
The following models are also described in this document: The following models are also described in this document:
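Review bot: With the authorizationError sentence removed from the end of 4.3, the table row "authorizationError noSuchName" no longer signals that this mapping carries a required side effect. Add a cross-reference to section 4.1.2.6 under the table so that a reader who consults only the mapping does not miss the snmpInBadCommunityUses increment.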
skipping to change at page 50, line 5 skipping to change at page 50, line 5
Applications", RFC2573, May 1999. Applications", RFC2573, May 1999.
[19] The SNMPv3 Working Group, Blumenthal, U., Wijnen, B., "The User- [19] The SNMPv3 Working Group, Blumenthal, U., Wijnen, B., "The User-
Based Security Model for Version 3 of the Simple Network Management Based Security Model for Version 3 of the Simple Network Management
Protocol (SNMP)", RFC 2574, May 1999. Protocol (SNMP)", RFC 2574, May 1999.
[20] The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K., [20] The SNMPv3 Working Group, Wijnen, B., Presuhn, R., McCloghrie, K.,
"View-based Access Control Model for the Simple Network Management "View-based Access Control Model for the Simple Network Management
Protocol (SNMP)", RFC 2575, May 1999. Protocol (SNMP)", RFC 2575, May 1999.
10. Editor's Address 10. Editor's Addresses
Rob Frye Rob Frye
MCI WorldCom MCI WorldCom
2100 Reston Parkway, Suite 600 2100 Reston Parkway, Suite 600
Reston, VA 20191 Reston, VA 20191
U.S.A. U.S.A.
Phone: +1 703 715 7225 Phone: +1 703 715 7225
EMail: Rob.Frye@wcom.com EMail: Rob.Frye@wcom.com
David B. Levi David B. Levi
 End of changes. 12 change blocks. 
17 lines changed or deleted 18 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/