rfc1098.txt
Case, Fedor, Schoffstall, & Davin [Page 6]
RFC 1098 SNMP April 1989
3.2.4. Form and Meaning of Protocol Exchanges
The communication of management information among management entities
is realized in the SNMP through the exchange of protocol messages.
The form and meaning of those messages is defined below in Section 4.
Consistent with the goal of minimizing complexity of the management
agent, the exchange of SNMP messages requires only an unreliable
datagram service, and every message is entirely and independently
represented by a single transport datagram. While this document
specifies the exchange of messages via the UDP protocol [8], the
mechanisms of the SNMP are generally suitable for use with a wide
variety of transport services.
3.2.5. Definition of Administrative Relationships
The SNMP architecture admits a variety of administrative
relationships among entities that participate in the protocol. The
entities residing at management stations and network elements which
communicate with one another using the SNMP are termed SNMP
application entities. The peer processes which implement the SNMP,
and thus support the SNMP application entities, are termed protocol
entities.
A pairing of an SNMP agent with some arbitrary set of SNMP
application entities is called an SNMP community. Each SNMP
community is named by a string of octets, that is called the
community name for said community.
An SNMP message originated by an SNMP application entity that in fact
belongs to the SNMP community named by the community component of
said message is called an authentic SNMP message. The set of rules
by which an SNMP message is identified as an authentic SNMP message
for a particular SNMP community is called an authentication scheme.
An implementation of a function that identifies authentic SNMP
messages according to one or more authentication schemes is called an
authentication service.
Clearly, effective management of administrative relationships among
SNMP application entities requires authentication services that (by
the use of encryption or other techniques) are able to identify
authentic SNMP messages with a high degree of certainty. Some SNMP
implementations may wish to support only a trivial authentication
service that identifies all SNMP messages as authentic SNMP messages.
For any network element, a subset of objects in the MIB that pertain
to that element is called a SNMP MIB view. Note that the names of
the object types represented in a SNMP MIB view need not belong to a
single sub-tree of the object type name space.
An element of the set { READ-ONLY, READ-WRITE } is called an SNMP
access mode.
A pairing of a SNMP access mode with a SNMP MIB view is called an
SNMP community profile. A SNMP community profile represents
specified access privileges to variables in a specified MIB view. For
every variable in the MIB view in a given SNMP community profile,
access to that variable is represented by the profile according to
the following conventions:
(1) if said variable is defined in the MIB with "Access:" of
"none," it is unavailable as an operand for any operator;
(2) if said variable is defined in the MIB with "Access:" of
"read-write" or "write-only" and the access mode of the
given profile is READ-WRITE, that variable is available
as an operand for the get, set, and trap operations;
(3) otherwise, the variable is available as an operand for
the get and trap operations.
(4) In those cases where a "write-only" variable is an
operand used for the get or trap operations, the value
given for the variable is implementation-specific.
A pairing of a SNMP community with a SNMP community profile is called
a SNMP access policy. An access policy represents a specified
community profile afforded by the SNMP agent of a specified SNMP
community to other members of that community. All administrative
relationships among SNMP application entities are architecturally
defined in terms of SNMP access policies.
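The profile conventions (1) through (4) and the access-policy pairing above can be written out as a decision function. This is an added example, not part of the RFC text; the object names `hypotheticalKey` and `hypotheticalHidden`, the sample profiles attached to Figure 1's community names, and the rule that a variable outside the MIB view gets no access are assumptions made for illustration.

```python
# Added example (not RFC text): evaluating an SNMP access policy.
from dataclasses import dataclass

READ_ONLY, READ_WRITE = "READ-ONLY", "READ-WRITE"

@dataclass(frozen=True)
class CommunityProfile:
    access_mode: str       # READ_ONLY or READ_WRITE
    mib_view: frozenset    # object names visible through this profile

# Constructed sample: "Access:" clause per object. The last two names are
# hypothetical, chosen to exercise the "write-only" and "none" cases.
MIB_ACCESS = {
    "sysDescr": "read-only",
    "ifAdminStatus": "read-write",
    "hypotheticalKey": "write-only",
    "hypotheticalHidden": "none",
}

def permitted_operations(profile, variable, mib_access=MIB_ACCESS):
    """Operations for which `variable` may be an operand under `profile`."""
    if variable not in profile.mib_view:
        return frozenset()                 # assumption: outside the view, no access
    access = mib_access[variable]
    if access == "none":                   # convention (1)
        return frozenset()
    if access in ("read-write", "write-only") and profile.access_mode == READ_WRITE:
        return frozenset({"get", "set", "trap"})   # convention (2)
    # convention (3); per (4), the value returned for a write-only
    # variable on get or trap is implementation-specific
    return frozenset({"get", "trap"})

# Access policies: community name (a string of octets) -> community profile.
# Names reuse Figure 1's labels; the profiles themselves are constructed.
POLICIES = {
    b"pub": CommunityProfile(READ_ONLY, frozenset(MIB_ACCESS)),
    b"secret": CommunityProfile(READ_WRITE, frozenset(MIB_ACCESS)),
    b"slate": CommunityProfile(READ_WRITE, frozenset({"sysDescr"})),
}

def authorize(community, operation, variable, policies=POLICIES):
    """Trivial authentication service: every message is treated as authentic
    for the community it names, so only the policy lookup limits access."""
    profile = policies.get(community)
    if profile is None:
        return False                       # no access policy for this community
    return operation in permitted_operations(profile, variable)
```

With the trivial authentication service, the community name in the message is the only input that selects between the READ-ONLY and READ-WRITE profiles.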
For every SNMP access policy, if the network element on which the
SNMP agent for the specified SNMP community resides is not that to
which the MIB view for the specified profile pertains, then that
policy is called a SNMP proxy access policy. The SNMP agent
associated with a proxy access policy is called a SNMP proxy agent.
While careless definition of proxy access policies can result in
management loops, prudent definition of proxy policies is useful in
at least two ways:
(1) It permits the monitoring and control of network elements
which are otherwise not addressable using the management
protocol and the transport protocol. That is, a proxy
agent may provide a protocol conversion function allowing
a management station to apply a consistent management
framework to all network elements, including devices such
as modems, multiplexors, and other devices which support
different management frameworks.
(2) It potentially shields network elements from elaborate
access control policies. For example, a proxy agent may
implement sophisticated access control whereby diverse
subsets of variables within the MIB are made accessible
to different management stations without increasing the
complexity of the network element.
By way of example, Figure 1 illustrates the relationship between
management stations, proxy agents, and management agents. In this
example, the proxy agent is envisioned to be a normal Internet
Network Operations Center (INOC) of some administrative domain which
has a standard managerial relationship with a set of management
agents.
+------------------+       +----------------+      +----------------+
|  Region #1 INOC  |       |Region #2 INOC  |      |PC in Region #3 |
|                  |       |                |      |                |
|Domain=Region #1  |       |Domain=Region #2|      |Domain=Region #3|
|CPU=super-mini-1  |       |CPU=super-mini-1|      |CPU=Clone-1     |
|PCommunity=pub    |       |PCommunity=pub  |      |PCommunity=slate|
|                  |       |                |      |                |
+------------------+       +----------------+      +----------------+
       /|\                      /|\                     /|\
        |                        |                       |
        |                        |                       |
        |                       \|/                      |
        |               +-----------------+              |
        +-------------->| Region #3 INOC  |<-------------+
                        |                 |
                        |Domain=Region #3 |
                        |CPU=super-mini-2 |
                        |PCommunity=pub,  |
                        |         slate   |
                        |DCommunity=secret|
        +-------------->|                 |<-------------+
        |               +-----------------+              |
        |                       /|\                      |
        |                        |                       |
        |                        |                       |
       \|/                      \|/                     \|/
+-----------------+     +-----------------+       +-----------------+
|Domain=Region#3  |     |Domain=Region#3  |       |Domain=Region#3  |
|CPU=router-1     |     |CPU=mainframe-1  |       |CPU=modem-1      |
|DCommunity=secret|     |DCommunity=secret|       |DCommunity=secret|
+-----------------+     +-----------------+       +-----------------+

Domain:  the administrative domain of the element
PCommunity:  the name of a community utilizing a proxy agent
DCommunity:  the name of a direct community

                              Figure 1
              Example Network Management Configuration
3.2.6. Form and Meaning of References to Managed Objects
The SMI requires that the definition of a conformant management
protocol address:
(1) the resolution of ambiguous MIB references,
(2) the resolution of MIB references in the presence of multiple
MIB versions, and
(3) the identification of particular instances of object
types defined in the MIB.
3.2.6.1. Resolution of Ambiguous MIB References
Because the scope of any SNMP operation is conceptually confined to
objects relevant to a single network element, and because all SNMP
references to MIB objects are (implicitly or explicitly) by unique
variable names, there is no possibility that any SNMP reference to
any object type defined in the MIB could resolve to multiple
instances of that type.
3.2.6.2. Resolution of References across MIB Versions
The object instance referred to by any SNMP operation is exactly that
specified as part of the operation request or (in the case of a get-
next operation) its immediate successor in the MIB as a whole. In
particular, a reference to an object as part of some version of the
Internet-standard MIB does not resolve to any object that is not part
of said version of the Internet-standard MIB, except in the case that
the requested operation is get-next and the specified object name is
lexicographically last among the names of all objects presented as
part of said version of the Internet-Standard MIB.
3.2.6.3. Identification of Object Instances
The names for all object types in the MIB are defined explicitly
either in the Internet-standard MIB or in other documents which
conform to the naming conventions of the SMI. The SMI requires that
conformant management protocols define mechanisms for identifying
individual instances of those object types for a particular network
element.
Each instance of any object type defined in the MIB is identified in
SNMP operations by a unique name called its "variable name." In
general, the name of an SNMP variable is an OBJECT IDENTIFIER of the
form x.y, where x is the name of a non-aggregate object type defined
in the MIB and y is an OBJECT IDENTIFIER fragment that, in a way
specific to the named object type, identifies the desired instance.
This naming strategy admits the fullest exploitation of the semantics
of the GetNextRequest-PDU (see Section 4), because it assigns names
for related variables so as to be contiguous in the lexicographical
ordering of all variable names known in the MIB.
The type-specific naming of object instances is defined below for a
number of classes of object types. Instances of an object type to
which none of the following naming conventions are applicable are
named by OBJECT IDENTIFIERs of the form x.0, where x is the name of
said object type in the MIB definition.
For example, suppose one wanted to identify an instance of the
variable sysDescr. The object class for sysDescr is:

      iso org dod internet mgmt mib system sysDescr
       1   3   6     1      2    1    1       1

Hence, the object type, x, would be 1.3.6.1.2.1.1.1 to which is
appended an instance sub-identifier of 0. That is, 1.3.6.1.2.1.1.1.0
identifies the one and only instance of sysDescr.
3.2.6.3.1. ifTable Object Type Names
The name of a subnet interface, s, is the OBJECT IDENTIFIER value of
the form i, where i has the value of that instance of the ifIndex
object type associated with s.
For each object type, t, for which the defined name, n, has a prefix
of ifEntry, an instance, i, of t is named by an OBJECT IDENTIFIER of
the form n.s, where s is the name of the subnet interface about which
i represents information.
For example, suppose one wanted to identify the instance of the
variable ifType associated with interface 2. Accordingly, ifType.2
would identify the desired instance.
3.2.6.3.2. atTable Object Type Names
The name of an AT-cached network address, x, is an OBJECT IDENTIFIER
of the form 1.a.b.c.d, where a.b.c.d is the value (in the familiar
"dot" notation) of the atNetAddress object type associated with x.
The name of an address translation equivalence e is an OBJECT
IDENTIFIER value of the form s.w, such that s is the value of that
instance of the atIndex object type associated with e and such that w
is the name of the AT-cached network address associated with e.
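
The naming rules above (x.0 for sysDescr, n.s for ifEntry objects, s.w for an address translation equivalence) and the lexicographic ordering that get-next relies on, as an added example that is not part of the RFC text. The numeric names for ifDescr and ifType come from the Internet-standard MIB rather than from this page; the interface numbers, the address 10.0.0.51 and the helper names are constructed for illustration.

```python
# Added example (not RFC text): building variable names and ordering them.
SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1)        # object type name given above
IF_ENTRY = (1, 3, 6, 1, 2, 1, 2, 2, 1)      # from the Internet-standard MIB
IF_DESCR = IF_ENTRY + (2,)
IF_TYPE = IF_ENTRY + (3,)

def scalar_instance(x):
    """x.0: the single instance of an object type with no other naming rule."""
    return x + (0,)

def if_instance(n, if_index):
    """n.s: n has the prefix ifEntry, s is the ifIndex value of the interface."""
    return n + (if_index,)

def at_equivalence_name(at_index, net_address):
    """s.w, where w = 1.a.b.c.d names the AT-cached network address."""
    octets = tuple(int(part) for part in net_address.split("."))
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("expected a dotted address a.b.c.d")
    return (at_index, 1) + octets

def get_next(variables, name):
    """Immediate successor of `name` in lexicographic order, or None if
    `name` is last. Tuples compare sub-identifier by sub-identifier, as
    integers, which is the ordering of OBJECT IDENTIFIERs."""
    later = [v for v in variables if v > name]
    return min(later) if later else None

def walk(variables, start):
    """Repeated get-next from `start` until the names run out."""
    found, name = [], get_next(variables, start)
    while name is not None:
        found.append(name)
        name = get_next(variables, name)
    return found

def dotted(oid):
    return ".".join(str(sub_id) for sub_id in oid)

# Constructed agent contents: one scalar and two columns for interfaces 1, 2, 10.
VARIABLES = [scalar_instance(SYS_DESCR)] + [
    if_instance(col, i) for col in (IF_DESCR, IF_TYPE) for i in (1, 2, 10)]
```

Comparing the dotted strings instead of the integer sub-identifiers would place ifType.10 before ifType.2, which is why the names are kept as tuples here.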