Harrington, et. al. Standards Track [Page 16]
RFC 2271 SNMPv3 Architecture January 1998
+------------------------------------------------------------------+
|                                                                  |
|  Message Processing Subsystem                                    |
|                                                                  |
|  +------------+  +------------+  +------------+  +------------+  |
|  |     *      |  |     *      |  |     *      |  |     *      |  |
|  | SNMPv3     |  | SNMPv1     |  | SNMPv2c    |  | Other      |  |
|  | Message    |  | Message    |  | Message    |  | Message    |  |
|  | Processing |  | Processing |  | Processing |  | Processing |  |
|  | Model      |  | Model      |  | Model      |  | Model      |  |
|  |            |  |            |  |            |  |            |  |
|  +------------+  +------------+  +------------+  +------------+  |
|                                                                  |
+------------------------------------------------------------------+
3.1.1.3.1. Message Processing Model
Each Message Processing Model defines the format of a particular
version of an SNMP message and coordinates the preparation and
extraction of each such version-specific message format.
3.1.1.4. Security Subsystem
The Security Subsystem provides security services such as the
authentication and privacy of messages and potentially contains
multiple Security Models, as shown in the following figure.
* One or more Security Models may be present.
+------------------------------------------------------------------+
|                                                                  |
|  Security Subsystem                                              |
|                                                                  |
|  +----------------+  +-----------------+  +-------------------+  |
|  |       *        |  |        *        |  |         *         |  |
|  | User-Based     |  | Other           |  | Other             |  |
|  | Security       |  | Security        |  | Security          |  |
|  | Model          |  | Model           |  | Model             |  |
|  |                |  |                 |  |                   |  |
|  +----------------+  +-----------------+  +-------------------+  |
|                                                                  |
+------------------------------------------------------------------+
3.1.1.4.1. Security Model
A Security Model defines the threats against which it protects, the
goals of its services, and the security protocols used to provide
security services such as authentication and privacy.
3.1.1.4.2. Security Protocol
A Security Protocol defines the mechanisms, procedures, and MIB data
used to provide a security service such as authentication or privacy.
3.1.2. Access Control Subsystem
The Access Control Subsystem provides authorization services by means
of one or more Access Control Models.
+------------------------------------------------------------------+
|                                                                  |
|  Access Control Subsystem                                        |
|                                                                  |
|  +---------------+  +-----------------+  +------------------+    |
|  |       *       |  |        *        |  |        *         |    |
|  | View-Based    |  | Other           |  | Other            |    |
|  | Access        |  | Access          |  | Access           |    |
|  | Control       |  | Control         |  | Control          |    |
|  | Model         |  | Model           |  | Model            |    |
|  |               |  |                 |  |                  |    |
|  +---------------+  +-----------------+  +------------------+    |
|                                                                  |
+------------------------------------------------------------------+
3.1.2.1. Access Control Model
An Access Control Model defines a particular access decision function
in order to support decisions regarding access rights.
3.1.3. Applications
There are several types of applications, including:
- command generators, which monitor and manipulate management data,
- command responders, which provide access to management data,
- notification originators, which initiate asynchronous messages,
- notification receivers, which process asynchronous messages, and
- proxy forwarders, which forward messages between entities.
These applications make use of the services provided by the SNMP
engine.
3.1.3.1. SNMP Manager
An SNMP entity containing one or more command generator and/or
notification receiver applications (along with their associated SNMP
engine) has traditionally been called an SNMP manager.
* One or more models may be present.
(traditional SNMP manager)
+-------------------------------------------------------------------+
| +--------------+ +--------------+ +--------------+  SNMP entity   |
| | NOTIFICATION | | NOTIFICATION | |   COMMAND    |                |
| |  ORIGINATOR  | |   RECEIVER   | |  GENERATOR   |                |
| | applications | | applications | | applications |                |
| +--------------+ +--------------+ +--------------+                |
|        ^                ^                ^                        |
|        |                |                |                        |
|        v                v                v                        |
|        +-----+----------+----------------+                        |
|              ^                                                    |
|              |        +---------------------+  +----------------+ |
|              |        | Message Processing  |  | Security       | |
|  Dispatcher  v        | Subsystem           |  | Subsystem      | |
| +-------------------+ |      +------------+ |  |                | |
| | PDU Dispatcher    | |   +->| v1MP     * |<--->| +------------+ | |
| |                   | |   |  +------------+ |  | | Other      | | |
| |                   | |   |  +------------+ |  | | Security   | | |
| |                   | |   +->| v2cMP    * |<--->| | Model      | | |
| | Message           | |   |  +------------+ |  | +------------+ | |
| | Dispatcher       <-------+                 |  |                | |
| |                   | |   |  +------------+ |  | +------------+ | |
| |                   | |   +->| v3MP     * |<--->| | User-based | | |
| | Transport         | |   |  +------------+ |  | | Security   | | |
| | Mapping           | |   |  +------------+ |  | | Model      | | |
| | (e.g. RFC1906)    | |   +->| otherMP  * |<--->| +------------+ | |
| +-------------------+ |      +------------+ |  |                | |
|              ^        +---------------------+  +----------------+ |
|              |                                                    |
|              v                                                    |
+-------------------------------------------------------------------+
+-----+ +-----+       +-------+
| UDP | | IPX | . . . | other |
+-----+ +-----+       +-------+
   ^       ^              ^
   |       |              |
   v       v              v
+------------------------------+
|           Network            |
+------------------------------+
3.1.3.2. SNMP Agent
An SNMP entity containing one or more command responder and/or
notification originator applications (along with their associated
SNMP engine) has traditionally been called an SNMP agent.
+------------------------------+
|           Network            |
+------------------------------+
   ^       ^              ^
   |       |              |
   v       v              v
+-----+ +-----+       +-------+
| UDP | | IPX | . . . | other |
+-----+ +-----+       +-------+  (traditional SNMP agent)
+-------------------------------------------------------------------+
|              ^                                                    |
|              |        +---------------------+  +----------------+ |
|              |        | Message Processing  |  | Security       | |
|  Dispatcher  v        | Subsystem           |  | Subsystem      | |
| +-------------------+ |      +------------+ |  |                | |
| | Transport         | |   +->| v1MP     * |<--->| +------------+ | |
| | Mapping           | |   |  +------------+ |  | | Other      | | |
| | (e.g. RFC1906)    | |   |  +------------+ |  | | Security   | | |
| |                   | |   +->| v2cMP    * |<--->| | Model      | | |
| | Message           | |   |  +------------+ |  | +------------+ | |
| | Dispatcher       <-------+  +------------+ |  | +------------+ | |
| |                   | |   +->| v3MP     * |<--->| | User-based | | |
| |                   | |   |  +------------+ |  | | Security   | | |
| | PDU Dispatcher    | |   |  +------------+ |  | | Model      | | |
| +-------------------+ |   +->| otherMP  * |<--->| +------------+ | |
|              ^        |      +------------+ |  |                | |
|              |        +---------------------+  +----------------+ |
|              v                                                    |
|        +-----+-------------------------+----------------+         |
|        ^                               ^                ^         |
|        |                               |                |         |
|        v                               v                v         |
| +-------------+   +---------+   +--------------+ +-------------+  |
| | COMMAND     |   | ACCESS  |   | NOTIFICATION | | PROXY     * |  |
| | RESPONDER   |<->| CONTROL |<->|  ORIGINATOR  | | FORWARDER   |  |
| | application |   |         |   | applications | | application |  |
| +-------------+   +---------+   +--------------+ +-------------+  |
|        ^                               ^                          |
|        |                               |                          |
|        v                               v                          |
| +----------------------------------------------+                  |
| |             MIB instrumentation              |  SNMP entity     |
+-------------------------------------------------------------------+
3.2. The Naming of Identities
                  principal
                      ^
                      |
                      |
+---------------------|--------------------+
| SNMP engine         v                    |
|             +--------------+             |
|             |              |             |
|  +----------| securityName |----------+  |
|  | Security |              |          |  |
|  | Model    +--------------+          |  |
|  |                  ^                 |  |
|  |                  |                 |  |
|  |                  v                 |  |
|  | +--------------------------------+ |  |
|  | |                                | |  |
|  | |             Model              | |  |
|  | |           Dependent            | |  |
|  | |          Security ID           | |  |
|  | |                                | |  |
|  | +--------------------------------+ |  |
|  |                  ^                 |  |
|  |                  |                 |  |
|  +------------------|-----------------+  |
|                     |                    |
|                     |                    |
+---------------------|--------------------+
                      |
                      v
                   network
3.2.1. Principal
A principal is the "who" on whose behalf services are provided or
processing takes place.
A principal can be, among other things, an individual acting in a
particular role; a set of individuals, with each acting in a
particular role; an application or a set of applications; and
combinations thereof.
3.2.2. securityName
A securityName is a human readable string representing a principal.
It has a model-independent format, and can be used outside a
particular Security Model.
3.2.3. Model-dependent security ID
A model-dependent security ID is the model-specific representation of
a securityName within a particular Security Model.
Model-dependent security IDs may or may not be human readable, and
have a model-dependent syntax. Examples include community names, user
names, and parties.
The transformation of model-dependent security IDs into securityNames
and vice versa is the responsibility of the relevant Security Model.
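As an added example (written for this page, not text or code from RFC 2271) that ties the per-version Message Processing Model of section 3.1.1.3.1 to the securityName mapping of section 3.2.3: a minimal Python Message Dispatcher reads the version field of a BER-encoded SNMP message, hands SNMPv1/SNMPv2c messages to a community-based Security Model that maps the community (a model-dependent security ID) to a securityName, and for SNMPv3 reads which Security Model the message itself names. The community table, the securityNames in it and the messages used to exercise it are constructed sample data.

```python
from typing import Tuple

def ber_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

# Constructed sample table of a community-based Security Model: the community
# (a model-dependent security ID) is mapped to a model-independent securityName.
COMMUNITY_TABLE = {b"public": "ro-monitor", b"s3cret-rw": "netops-admin"}

def community_security_name(community: bytes) -> str:
    """Community-based Security Model: community -> securityName, or refuse."""
    if community not in COMMUNITY_TABLE:
        raise PermissionError("unknown community, no securityName assigned")
    return COMMUNITY_TABLE[community]

def dispatch(msg: bytes) -> dict:
    """Message Dispatcher: select the Message Processing Model by version."""
    tag, body, _ = ber_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    tag, ver, pos = ber_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("first element must be the INTEGER version")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                   # SNMPv1 / SNMPv2c models
        tag, community, _ = ber_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING community")
        return {"mp_model": ("SNMPv1", "SNMPv2c")[version],
                "security_name": community_security_name(community)}
    if version == 3:                        # SNMPv3 model: the message names
        _, global_data, _ = ber_tlv(body, pos)  # its Security Model inside
        fields, p = [], 0                   # msgGlobalData = msgID, msgMaxSize,
        for _ in range(4):                  # msgFlags, msgSecurityModel
            _, value, p = ber_tlv(global_data, p)
            fields.append(value)
        return {"mp_model": "SNMPv3",
                "security_model": int.from_bytes(fields[3], "big")}  # 3 = USM
    raise ValueError(f"no Message Processing Model for version {version}")
```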
3.3. The Naming of Management Information