rfc2089.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 676 行 · 第 1/2 页
TXT
676 行
Network Working Group B. Wijnen
Request for Comments: 2089 IBM
Category: Informational D. Levi
SNMP Research, Inc
January 1997
V2ToV1
Mapping SNMPv2 onto SNMPv1
within a bi-lingual SNMP agent
Status of this Memo
This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.
Abstract
The goal of this memo is to document a common way of mapping an
SNMPv2 response into an SNMPv1 response within a bi-lingual SNMP
agent (one that supports both SNMPv1 and SNMPv2).
Table of Contents
1.0 Introduction . . . . . . . . . . . . . . . . . . . . . . . 2
2.0 Mapping SNMPv2 into SNMPv1 . . . . . . . . . . . . . . . . 2
2.1 Mapping SNMPv2 error-status into SNMPv1 error-status . . . 3
2.2 Mapping SNMPv2 exceptions into SNMPv1 . . . . . . . . . . 3
2.3 Mapping noSuchObject and noSuchInstance . . . . . . . . . 4
2.4 Mapping endOfMibView . . . . . . . . . . . . . . . . . . . 5
2.5 Mapping SNMPv2 SMI into SNMPv1 . . . . . . . . . . . . . . 5
3.0 Processing SNMPv1 requests . . . . . . . . . . . . . . . . 6
3.1 Processing an SNMPv1 GET request . . . . . . . . . . . . . 6
3.2 Processing an SNMPv1 GETNEXT request . . . . . . . . . . . 7
3.3 Processing an outgoing SNMPv2 trap . . . . . . . . . . . . 8
4.0 Acknowledgements . . . . . . . . . . . . . . . . . . . . . 10
5.0 References . . . . . . . . . . . . . . . . . . . . . . . . 10
6.0 Security Considerations . . . . . . . . . . . . . . . . . 10
7.0 Authors' Addresses . . . . . . . . . . . . . . . . . . . . 11
Appendix A. Background Information . . . . . . . . . . . . . 12
A.1 Mapping of error-status Values . . . . . . . . . . . . . 12
A.2 SNMPv1 traps without Counter64 varBinds. . . . . . . . . 12
Wijnen & Levi Informational [Page 1]
RFC 2089 V2toV1 January 1997
1.0 Introduction
We now have the SNMPv1 protocol (RFC1157 [1]) as a full standard and
the SNMPv2 protocol (RFC1905 [1]) as a DRAFT standard. It can be
expected that many agent implementations will support both SNMPv1 and
SNMPv2 requests coming from SNMP management entities. In many cases
the underlying instrumentation will be implemented using the new
SNMPv2 SMI and SNMPv2 protocol. The SNMP engine then gets the task
to ensure that any SNMPv2 response data coming from such SNMPv2
compliant instrumentation gets converted to a proper SNMPv1 response
if the original request came in as an SNMPv1 request. The SNMP
engine should also deal with mapping SNMPv2 traps which are generated
by an application or by the SNMPv2 compliant instrumentation into
SNMPv1 traps if the agent has been configured to send traps to an
SNMPv1 manager.
It seems beneficial if all such agents do this mapping in the same
way. This document describes such a mapping based on discussions and
perceived consensus on the various mailing lists. The authors of
this document have also compared their own implementations of these
mappings. They had a few minor differences and decided to make their
implementation behave the same and document this mapping so others
can benefit from it.
We recommend that all agents implement this same mapping.
Note that the mapping described in this document should also be
followed by SNMP proxies that provide a mapping between SNMPv1
management applications and SNMPv2 agents.
2.0 Mapping SNMPv2 into SNMPv1
These are the type of mappings that we need:
o Mapping of the SNMPv2 error-status into SNMPv1 error-status
o Mapping of the SNMPv2 exceptions into SNMPv1 error-status
o Skipping object instances that have a non-SNMPv1 Syntax
(specifically Counter64)
o Mapping of SNMPv2 traps into SNMPv1 traps
Wijnen & Levi Informational [Page 2]
RFC 2089 V2toV1 January 1997
2.1 Mapping SNMPv2 error-status into SNMPv1 error-status
With the new SNMPv2 protocol (RFC1905 [1]) we get a set of error-
status values that return the cause of an error in much more detail.
But an SNMPv1 manager does not understand such error-status values.
So, when the instrumentation code returns response data and uses an
SNMPv2 error-status to report on the success or failure of the
requested operation and if the original SNMP request is an SNMPv1
request, then we must map such an error-status into an SNMPv1 error-
status when composing the SNMP response PDU.
The SNMPv2 error status is mapped to an SNMPv1 error-status using
this table:
SNMPv2 error-status SNMPv1 error-status
=================== ===================
noError noError
tooBig tooBig
noSuchName noSuchName
badValue badValue
readOnly readOnly
genErr genErr
wrongValue badValue
wrongEncoding badValue
wrongType badValue
wrongLength badValue
inconsistentValue badValue
noAccess noSuchName
notWritable noSuchName
noCreation noSuchName
inconsistentName noSuchName
resourceUnavailable genErr
commitFailed genErr
undoFailed genErr
authorizationError noSuchName
2.2 Mapping SNMPv2 exceptions into SNMPv1
In SNMPv2 we have so called exception values. These will allow an
SNMPv2 response PDU to return as much management information as
possible, even if one or more of the requested variables do not
exist. SNMPv1 does not support exception values, and thus does not
return the value of management information when any error occurs.
When multiple variables do not exist, an SNMPv1 agent can return only
a single error and index of a single variable. The agent determines
by its implementation strategy which variable to identify as the
Wijnen & Levi Informational [Page 3]
RFC 2089 V2toV1 January 1997
cause of the error via the value of the error-index field. Thus, an
SNMPv1 manager may make no assumption on the validity of the other
variables in the request.
So, when an SNMPv1 request is received, we must check the varBinds
returned from SNMPv2 compliant instrumentation for exception values,
and convert these exception values into SNMPv1 error codes.
The type of exception we can get back and the action we must take
depends on the SNMP operation that is requested.
o For SNMP GET requests we can get back noSuchObject and
noSuchInstance.
o For SNMP GETNEXT requests we can get back endOfMibView.
o For SNMP SET requests we cannot get back any exceptions.
o For SNMP GETBULK requests we can get back endOfMibView, but
such a request should only come in as an SNMPv2 request, so we
do not have to worry about any mapping onto SNMPv1. If a
GETBULK comes in as an SNMPv1 request, it is treated as an
error and the packet is dropped.
2.3 Mapping noSuchObject and noSuchInstance
A noSuchObject or noSuchInstance exception generated by SNMPv2
compliant instrumentation indicates that the requested object
instance can not be returned. The SNMPv1 error code for this
condition is noSuchName, and so the error-status field of the
response PDU should be set to noSuchName. Also, the error-index
field is set to the index of the varBind for which an exception
occurred, and the varBind list from the original request is returned
with the response PDU.
Note that when the response contains multiple exceptions, that the
agent may pick any one to be returned.
Wijnen & Levi Informational [Page 4]
RFC 2089 V2toV1 January 1997
2.4 Mapping endOfMibView
When SNMPv2 compliant instrumentation returns a varBind containing an
endOfMibView exception in response to a GETNEXT request, it indicates
that there are no object instances available which lexicographically
follow the object in the request. In an SNMPv1 agent, this condition
normally results in a noSuchName error, and so the error-status field
of the response PDU should be set to noSuchName. Also, the error-
index field is set to the index of the varBind for which an exception
occurred, and the varBind list from the original request is returned
with the response PDU.
Note that when the response contains multiple exceptions, that the
agent may pick any one to be returned.
2.5 Mapping SNMPv2 SMI into SNMPv1
The SNMPv2 SMI (RFC1902 [2]) defines basically one new syntax that is
problematic for SNMPv1 managers. That is the syntax Counter64. All
the others can be handled by SNMPv1 managers.
The net impact on bi-lingual agents is that they should make sure
that they never return a varBind with a Counter64 value to an SNMPv1
manager.
The best accepted practice is to consider such object instances
implicitly excluded from the view. So:
o On an SNMPv1 GET request, we return an error-status of
noSuchName and the error-index is set to the varBind that
causes this error.
o On an SNMPv1 GETNEXT request, we skip the object instance and
fetch the next object instance that follows the one with a
syntax of Counter64.
o Any SET request that has a varBind with a Counter64 value must
have come from a SNMPv2 manager, and so it should not cause a
problem. If we do receive a Counter64 value in an SNMPv1 SET
packet, it should result in an ASN.1 parse error since
Counter64 is not valid in the SNMPv1 protocol. When an ASN.1
parse error occurs, the counter snmpInASNParseErrs is
incremented and no response is returned.
o The GETBULK is an SNMPv2 operation, so it should never come
from an SNMPv1 manager. If we do receive a GETBULK PDU from in
an SNMPv1 packet, then we consider it an invalid PDU-type and
we drop the packet.
Wijnen & Levi Informational [Page 5]
RFC 2089 V2toV1 January 1997
3.0 Processing SNMPv1 requests
This sections contains a step by step description of how to handle
SNMPv1 requests in an agent where the underlying instrumentation code
is SNMPv2 compliant.
3.1 Processing an SNMPv1 GET request
First, the request is converted into a call to the underlying
instrumentation. This is implementation specific.
When such instrumentation returns response data using SNMPv2 syntax
and error-status values, then:
1. If the error-status is anything other than noError,
a. The error status is translated to an SNMPv1 error-status
using the table from 2.1, "Mapping SNMPv2 error-status into
SNMPv1 error-status" on page 2
b. The error-index is set to the position (in the original
request) of the varBind that caused the error-status.
c. The varBindList of the response PDU is made exactly the
same as the varBindList that was received in the original
request.
2. If the error-status is noError, then find any varBind that
contains an SNMPv2 exception (noSuchObject or noSuchInstance)
or an SNMPv2 syntax that is unknown to SNMPv1 (Counter64).
(Note that if there are more than one, the agent may choose any
such varBind.) If there are any such varBinds, then for the
one chosen:
a. Set the error-status to noSuchName
b. Set the error-index to the position (in the varBindList of
the original request) of the varBind that returned such an
SNMPv2 exception or syntax.
c. Make the varBindList of the response PDU exactly the same
as the varBindList that was received in the original
request.
Wijnen & Levi Informational [Page 6]
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?