📄 rfc1157.txt

   Management Information (SMI) [5] and Management Information Base
   (MIB) [6].  The use of the ASN.1 language was, in part, encouraged
   by the successful use of ASN.1 in earlier efforts, in particular, the
   SGMP.  The restrictions on the use of ASN.1 that are part of the SMI
   contribute to the simplicity espoused and validated by experience
   with the SGMP.



Case, Fedor, Schoffstall, & Davin                               [Page 6]

RFC 1157                          SNMP                          May 1990


   Also for the sake of simplicity, the SNMP uses only a subset of the
   basic encoding rules of ASN.1 [10].  Namely, all encodings use the
   definite-length form.  Further, whenever permissible, non-constructor
   encodings are used rather than constructor encodings.  This
   restriction applies to all aspects of ASN.1 encoding, both for the
   top-level protocol data units and the data objects they contain.
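
   The encoding restriction above, as a strict reader (an added example,
   not text or code from the RFC).  It assumes the message layout of
   Section 4 (a SEQUENCE of version, community, data); the names
   read_tlv, community_of and SAMPLE are hypothetical.

```python
# Added example: strict reader for the BER subset SNMP uses (definite length,
# primitive encodings). Handles single-octet tags only (a simplification).
class BERError(ValueError):
    pass

INTEGER, OCTET_STRING, SEQUENCE, CONSTRUCTED = 0x02, 0x04, 0x30, 0x20

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV at buf[pos:]."""
    if pos + 2 > len(buf):
        raise BERError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first == 0x80:
        raise BERError("indefinite-length form is outside the SNMP subset")
    if first < 0x80:                      # short definite form
        length = first
    else:                                 # long definite form
        n = first & 0x7F
        if n > 4 or pos + n > len(buf):   # also rejects the reserved 0xFF
            raise BERError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise BERError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def community_of(datagram):
    """Extract the community octets from one SNMP message datagram."""
    tag, body, end = read_tlv(datagram)
    if tag != SEQUENCE or end != len(datagram):
        raise BERError("expected exactly one SEQUENCE per datagram")
    tag, _version, pos = read_tlv(body)
    if tag != INTEGER:
        raise BERError("expected INTEGER version")
    tag, community, _ = read_tlv(body, pos)
    if tag == OCTET_STRING | CONSTRUCTED:
        raise BERError("constructor encoding of OCTET STRING rejected")
    if tag != OCTET_STRING:
        raise BERError("expected OCTET STRING community")
    return community

# Constructed sample: version 0, community "pub", empty placeholder PDU (a0 00).
SAMPLE = bytes.fromhex("300a 020100 0403707562 a000")
```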

3.2.3.  Operations Supported on Management Information

   The SNMP models all management agent functions as alterations or
   inspections of variables.  Thus, a protocol entity on a logically
   remote host (possibly the network element itself) interacts with the
   management agent resident on the network element in order to retrieve
   (get) or alter (set) variables.  This strategy has at least two
   positive consequences:

      (1)  It has the effect of limiting the number of essential
           management functions realized by the management agent to
           two:  one operation to assign a value to a specified
           configuration or other parameter and another to retrieve
           such a value.

      (2)  A second effect of this decision is to avoid introducing
           into the protocol definition support for imperative
           management commands:  the number of such commands is in
           practice ever-increasing, and the semantics of such
           commands are in general arbitrarily complex.

   The strategy implicit in the SNMP is that the monitoring of network
   state at any significant level of detail is accomplished primarily by
   polling for appropriate information on the part of the monitoring
   center(s).  A limited number of unsolicited messages (traps) guide
   the timing and focus of the polling.  Limiting the number of
   unsolicited messages is consistent with the goal of simplicity and
   minimizing the amount of traffic generated by the network management
   function.

   The exclusion of imperative commands from the set of explicitly
   supported management functions is unlikely to preclude any desirable
   management agent operation.  Currently, most commands are requests
   either to set the value of some parameter or to retrieve such a
   value, and the function of the few imperative commands currently
   supported is easily accommodated in an asynchronous mode by this
   management model.  In this scheme, an imperative command might be
   realized as the setting of a parameter value that subsequently
   triggers the desired action.  For example, rather than implementing a
   "reboot command," this action might be invoked by simply setting a
   parameter indicating the number of seconds until system reboot.

3.2.4.  Form and Meaning of Protocol Exchanges

   The communication of management information among management entities
   is realized in the SNMP through the exchange of protocol messages.
   The form and meaning of those messages is defined below in Section 4.

   Consistent with the goal of minimizing complexity of the management
   agent, the exchange of SNMP messages requires only an unreliable
   datagram service, and every message is entirely and independently
   represented by a single transport datagram.  While this document
   specifies the exchange of messages via the UDP protocol [11], the
   mechanisms of the SNMP are generally suitable for use with a wide
   variety of transport services.

3.2.5.  Definition of Administrative Relationships

   The SNMP architecture admits a variety of administrative
   relationships among entities that participate in the protocol.  The
   entities residing at management stations and network elements which
   communicate with one another using the SNMP are termed SNMP
   application entities.  The peer processes which implement the SNMP,
   and thus support the SNMP application entities, are termed protocol
   entities.

   A pairing of an SNMP agent with some arbitrary set of SNMP
   application entities is called an SNMP community.  Each SNMP
   community is named by a string of octets, that is called the
   community name for said community.

   An SNMP message originated by an SNMP application entity that in fact
   belongs to the SNMP community named by the community component of
   said message is called an authentic SNMP message.  The set of rules
   by which an SNMP message is identified as an authentic SNMP message
   for a particular SNMP community is called an authentication scheme.
   An implementation of a function that identifies authentic SNMP
   messages according to one or more authentication schemes is called an
   authentication service.

   Clearly, effective management of administrative relationships among
   SNMP application entities requires authentication services that (by
   the use of encryption or other techniques) are able to identify
   authentic SNMP messages with a high degree of certainty.  Some SNMP
   implementations may wish to support only a trivial authentication
   service that identifies all SNMP messages as authentic SNMP messages.

   For any network element, a subset of objects in the MIB that pertain
   to that element is called a SNMP MIB view.  Note that the names of
   the object types represented in a SNMP MIB view need not belong to a
   single sub-tree of the object type name space.

   An element of the set { READ-ONLY, READ-WRITE } is called an SNMP
   access mode.

   A pairing of a SNMP access mode with a SNMP MIB view is called an
   SNMP community profile.  A SNMP community profile represents
   specified access privileges to variables in a specified MIB view. For
   every variable in the MIB view in a given SNMP community profile,
   access to that variable is represented by the profile according to
   the following conventions:

      (1)  if said variable is defined in the MIB with "Access:" of
           "none," it is unavailable as an operand for any operator;

      (2)  if said variable is defined in the MIB with "Access:" of
           "read-write" or "write-only" and the access mode of the
           given profile is READ-WRITE, that variable is available
           as an operand for the get, set, and trap operations;

      (3)  otherwise, the variable is available as an operand for
           the get and trap operations.

      (4)  In those cases where a "write-only" variable is an
           operand used for the get or trap operations, the value
           given for the variable is implementation-specific.

   A pairing of a SNMP community with a SNMP community profile is called
   a SNMP access policy. An access policy represents a specified
   community profile afforded by the SNMP agent of a specified SNMP
   community to other members of that community.  All administrative
   relationships among SNMP application entities are architecturally
   defined in terms of SNMP access policies.
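
   The profile conventions (1)-(4) and the access policy pairing, as an
   added example (not part of the RFC).  The variable names, the views
   and the policy table are constructed for illustration; the community
   names are borrowed from Figure 1.

```python
# Added example: evaluating an SNMP access policy as defined in 3.2.5.
READ_ONLY, READ_WRITE = "READ-ONLY", "READ-WRITE"

# Constructed MIB: hypothetical variable name -> its "Access:" clause.
MIB_ACCESS = {
    "demo.uptime": "read-only",
    "demo.rebootDelay": "read-write",   # cf. the reboot parameter in 3.2.3
    "demo.resetTrigger": "write-only",
    "demo.internal": "none",
}

def operations(mib_access, mode):
    """Operators a profile makes available for one variable (rules 1-3)."""
    if mib_access == "none":                                    # rule (1)
        return frozenset()
    if mib_access in ("read-write", "write-only") and mode == READ_WRITE:
        return frozenset({"get", "set", "trap"})                # rule (2)
    # Rule (3). Per rule (4), a "write-only" variable reached here is still
    # a valid get/trap operand; its value is implementation-specific.
    return frozenset({"get", "trap"})

# Access policy: community name (octets) -> community profile (view, mode).
# A MIB view is a subset of objects and need not be a single sub-tree.
POLICIES = {
    b"pub": (frozenset({"demo.uptime", "demo.rebootDelay"}), READ_ONLY),
    b"secret": (frozenset(MIB_ACCESS), READ_WRITE),
}

def authorize(policies, community, variable, op):
    """True if `op` on `variable` is permitted for messages of `community`."""
    profile = policies.get(community)
    if profile is None:               # no policy for this community name
        return False
    view, mode = profile
    if variable not in view or variable not in MIB_ACCESS:
        return False                  # outside the profile's MIB view
    return op in operations(MIB_ACCESS[variable], mode)
```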

   For every SNMP access policy, if the network element on which the
   SNMP agent for the specified SNMP community resides is not that to
   which the MIB view for the specified profile pertains, then that
   policy is called a SNMP proxy access policy. The SNMP agent
   associated with a proxy access policy is called a SNMP proxy agent.
   While careless definition of proxy access policies can result in
   management loops, prudent definition of proxy policies is useful in
   at least two ways:

      (1)  It permits the monitoring and control of network elements
           which are otherwise not addressable using the management
           protocol and the transport protocol.  That is, a proxy
           agent may provide a protocol conversion function allowing
           a management station to apply a consistent management
           framework to all network elements, including devices such
           as modems, multiplexors, and other devices which support
           different management frameworks.

      (2)  It potentially shields network elements from elaborate
           access control policies.  For example, a proxy agent may
           implement sophisticated access control whereby diverse
           subsets of variables within the MIB are made accessible
           to different management stations without increasing the
           complexity of the network element.

   By way of example, Figure 1 illustrates the relationship between
   management stations, proxy agents, and management agents.  In this
   example, the proxy agent is envisioned to be a normal Internet
   Network Operations Center (INOC) of some administrative domain which
   has a standard managerial relationship with a set of management
   agents.

   +------------------+       +----------------+      +----------------+
   |  Region #1 INOC  |       |Region #2 INOC  |      |PC in Region #3 |
   |                  |       |                |      |                |
   |Domain=Region #1  |       |Domain=Region #2|      |Domain=Region #3|
   |CPU=super-mini-1  |       |CPU=super-mini-1|      |CPU=Clone-1     |
   |PCommunity=pub    |       |PCommunity=pub  |      |PCommunity=slate|
   |                  |       |                |      |                |
   +------------------+       +----------------+      +----------------+
          /|\                      /|\                     /|\
           |                        |                       |
           |                        |                       |
           |                       \|/                      |
           |               +-----------------+              |
           +-------------->| Region #3 INOC  |<-------------+
                           |                 |
                           |Domain=Region #3 |
                           |CPU=super-mini-2 |
                           |PCommunity=pub,  |
                           |         slate   |
                           |DCommunity=secret|
           +-------------->|                 |<-------------+
           |               +-----------------+              |
           |                       /|\                      |
           |                        |                       |
           |                        |                       |
          \|/                      \|/                     \|/
   +-----------------+     +-----------------+       +-----------------+
   |Domain=Region#3  |     |Domain=Region#3  |       |Domain=Region#3  |
   |CPU=router-1     |     |CPU=mainframe-1  |       |CPU=modem-1      |
   |DCommunity=secret|     |DCommunity=secret|       |DCommunity=secret|
   +-----------------+     +-----------------+       +-----------------+


   Domain:  the administrative domain of the element
   PCommunity:  the name of a community utilizing a proxy agent
   DCommunity:  the name of a direct community


                                 Figure 1
                 Example Network Management Configuration

3.2.6.  Form and Meaning of References to Managed Objects

   The SMI requires that the definition of a conformant management
   protocol address:

      (1)  the resolution of ambiguous MIB references,

      (2)  the resolution of MIB references in the presence of
           multiple MIB versions, and

      (3)  the identification of particular instances of object
           types defined in the MIB.

3.2.6.1.  Resolution of Ambiguous MIB References

   Because the scope of any SNMP operation is conceptually confined to
   objects relevant to a single network element, and because all SNMP
   references to MIB objects are (implicitly or explicitly) by unique
   variable names, there is no possibility that any SNMP reference to
   any object type defined in the MIB could resolve to multiple
   instances of that type.

3.2.6.2.  Resolution of References across MIB Versions

   The object instance referred to by any SNMP operation is exactly that
   specified as part of the operation request or (in the case of a get-
   next operation) its immediate successor in the MIB as a whole.  In
   particular, a reference to an object as part of some version of the
   Internet-standard MIB does not resolve to any object that is not part
   of said version of the Internet-standard MIB, except in the case that
   the requested operation is get-next and the specified object name is
   lexicographically last among the names of all objects presented as
   part of said version of the Internet-Standard MIB.
