Network Working Group                                            J. Case
Request for Comments: 2570                           SNMP Research, Inc.
Category: Informational                                         R. Mundy
                                    TIS Labs at Network Associates, Inc.
                                                              D. Partain
                                                                Ericsson
                                                              B. Stewart
                                                           Cisco Systems
                                                              April 1999
Introduction to Version 3 of the
Internet-standard Network Management Framework
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
The purpose of this document is to provide an overview of the third
version of the Internet-standard Management Framework, termed the
SNMP version 3 Framework (SNMPv3). This Framework is derived from
and builds upon both the original Internet-standard Management
Framework (SNMPv1) and the second Internet-standard Management
Framework (SNMPv2).
The architecture is designed to be modular to allow the evolution of
the Framework over time.
Table of Contents
1 Introduction
2 The Internet Standard Management Framework
2.1 Basic Structure and Components
2.2 Architecture of the Internet Standard Management Framework
3 The SNMPv1 Management Framework
3.1 The SNMPv1 Data Definition Language
3.2 Management Information
3.3 Protocol Operations
3.4 SNMPv1 Security and Administration
Case, et al. Informational [Page 1]
RFC 2570 Introduction to SNMPv3 April 1999
4 The SNMPv2 Management Framework
5 The SNMPv3 Working Group
6 SNMPv3 Framework Module Specifications
6.1 Data Definition Language
6.2 MIB Modules
6.3 Protocol Operations and Transport Mappings
6.4 SNMPv3 Security and Administration
7 Document Summaries
7.1 Structure of Management Information
7.1.1 Base SMI Specification
7.1.2 Textual Conventions
7.1.3 Conformance Statements
7.2 Protocol Operations
7.3 Transport Mappings
7.4 Protocol Instrumentation
7.5 Architecture / Security and Administration
7.6 Message Processing and Dispatch (MPD)
7.7 SNMP Applications
7.8 User-based Security Model (USM)
7.9 View-based Access Control (VACM)
7.10 SNMPv3 Coexistence and Transition
8 Security Considerations
9 Editors' Addresses
10 References
11 Full Copyright Statement
1 Introduction
This document is an introduction to the third version of the
Internet-standard Management Framework, termed the SNMP version 3
Management Framework (SNMPv3) and has multiple purposes.
First, it describes the relationship between the SNMP version 3
(SNMPv3) specifications and the specifications of the SNMP version 1
(SNMPv1) Management Framework, the SNMP version 2 (SNMPv2) Management
Framework, and the Community-based Administrative Framework for
SNMPv2.
Second, it provides a roadmap to the multiple documents which contain
the relevant specifications.
Third, this document provides a brief easy-to-read summary of the
contents of each of the relevant specification documents.
This document is intentionally tutorial in nature and, as such, may
occasionally be "guilty" of oversimplification. In the event of a
conflict or contradiction between this document and the more detailed
documents for which this document is a roadmap, the specifications in
the more detailed documents shall prevail.
Further, the detailed documents attempt to maintain separation
between the various component modules in order to specify well-
defined interfaces between them. This roadmap document, however,
takes a different approach and attempts to provide an integrated view
of the various component modules in the interest of readability.
2 The Internet Standard Management Framework
The third version of the Internet Standard Management Framework (the
SNMPv3 Framework) is derived from and builds upon both the original
Internet-standard Management Framework (SNMPv1) and the second
Internet-standard Management Framework (SNMPv2).
All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard
Management Framework share the same basic structure and components.
Furthermore, all versions of the specifications of the Internet
Standard Management Framework follow the same architecture.
2.1 Basic Structure and Components
An enterprise deploying the Internet Standard Management Framework
contains four basic components:
* several (typically many) managed nodes, each with an SNMP entity
which provides remote access to management instrumentation
(traditionally called an agent);
* at least one SNMP entity with management applications (typically
called a manager),
* a management protocol used to convey management information
between the SNMP entities, and
* management information.
The management protocol is used to convey management information
between SNMP entities such as managers and agents.
This basic structure is common to all versions of the Internet
Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.
2.2 Architecture of the Internet Standard Management Framework
The specifications of the Internet Standard Management Framework are
based on a modular architecture. This framework is more than just a
protocol for moving data. It consists of:
* a data definition language,
* definitions of management information (the Management
Information Base, or MIB),
* a protocol definition, and
* security and administration.
Over time, as the Framework has evolved from SNMPv1, through SNMPv2,
to SNMPv3, the definitions of each of these architectural components
have become richer and more clearly defined, but the fundamental
architecture has remained consistent.
One prime motivator for this modularity was to enable the ongoing
evolution of the Framework as is documented in RFC 1052 [14]. When
originally envisioned, this capability was to be used to ease the
transition from SNMP-based management of internets to management
based on OSI protocols. To this end, the framework was architected
with a protocol-independent data definition language and Management
Information Base along with a MIB-independent protocol. This
separation was designed to allow the SNMP-based protocol to be
replaced without requiring the management information to be redefined
or reinstrumented. History has shown that the selection of this
architecture was the right decision for the wrong reason -- it turned
out that this architecture has eased the transition from SNMPv1 to
SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the transition
away from management based on the Simple Network Management Protocol.
The SNMPv3 Framework builds and extends these architectural
principles by:
* building on these four basic architectural components, in some
cases incorporating them from the SNMPv2 Framework by reference,
and
* using these same layering principles in the definition of new
capabilities in the security and administration portion of the
architecture.
Those who are familiar with the architecture of the SNMPv1 Management
Framework and the SNMPv2 Management Framework will find many familiar
concepts in the architecture of the SNMPv3 Management Framework.
However, in some cases, the terminology may be somewhat different.
3 The SNMPv1 Management Framework
The original Internet-standard Network Management Framework (SNMPv1)
is defined in the following documents:
* STD 16, RFC 1155 [1] which defines the Structure of Management
Information (SMI), the mechanisms used for describing and naming
objects for the purpose of management.
* STD 16, RFC 1212 [2] which defines a more concise description
mechanism for describing and naming management information objects,
but which is wholly consistent with the SMI.
* STD 15, RFC 1157 [3] which defines the Simple Network Management
Protocol (SNMP), the protocol used for network access to managed
objects and event notification. Note this document also defines an
initial set of event notifications.
Additionally, two documents are generally considered to be companions
to these three:
* STD 17, RFC 1213 [13] which contains definitions for the base
set of management information
* RFC 1215 [25] defines a concise description mechanism for
defining event notifications, which are called traps in the SNMPv1
protocol. It also specifies the generic traps from RFC 1157 in the
concise notation.
These documents describe the four parts of the first version of the
SNMP Framework.
3.1 The SNMPv1 Data Definition Language
The first two and the last document describe the SNMPv1 data
definition language. Note that due to the initial requirement that
the SMI be protocol-independent, the first two SMI documents do not
provide a means for defining event notifications (traps). Instead,
the SNMP protocol document defines a few standardized event
notifications (generic traps) and provides a means for additional
event notifications to be defined. The last document specifies a
straight-forward approach towards defining event notifications used
with the SNMPv1 protocol. At the time that it was written, use of
traps in the Internet-standard network management framework was
controversial. As such, RFC 1215 was put forward with the status of
"Informational", which was never updated because it was believed that
the second version of the SNMP Framework would replace the first
version. Note that the SNMPv1 data definition language is sometimes
referred to as SMIv1.
3.2 Management Information
The data definition language described in the first two documents was
first used to define the now-historic MIB-I as specified in RFC 1066
[12], and was subsequently used to define MIB-II as specified in RFC
1213 [13].
Later, after the publication of MIB-II, a different approach to
management information definition was taken from the earlier approach
of having a single committee staffed by generalists work on a single
document to define the Internet-standard MIB. Rather, many mini-MIB
documents were produced in a parallel and distributed fashion by
groups chartered to produce a specification for a focused portion of
the Internet-standard MIB and staffed by personnel with expertise in
those particular areas ranging from various aspects of network
management, to system management, and application management.
3.3 Protocol Operations
The third document, STD 15, describes the SNMPv1 protocol operations
performed by protocol data units (PDUs) on lists of variable bindings
and describes the format of SNMPv1 messages. The operators defined by
SNMPv1 are: get, get-next, get-response, set-request, and trap.
Typical layering of SNMP on a connectionless transport service is
also defined.
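An added example, not part of RFC 2570: a Python decoder for the SNMPv1 message format summarized above, recovering the version, community name, operation and variable names from one message. The BER tag values and the wrapper layout are taken from RFC 1157, and the sample packet is constructed for illustration.

```python
# Added example (not from RFC 2570); PDU tag values follow RFC 1157.
PDU_TYPES = {0xA0: "get", 0xA1: "get-next", 0xA2: "get-response", 0xA3: "set-request", 0xA4: "trap"}

def elements(buf):
    """Yield (tag, value) for each BER element in buf, checking every length."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated element header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:              # long form: low 7 bits count the length octets
            n = length & 0x7F
            if not 1 <= n <= 4 or pos + n > len(buf):
                raise ValueError("bad length encoding")
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("element runs past end of buffer")
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(tag, body):
    """Turn an OBJECT IDENTIFIER element into dotted notation."""
    if tag != 0x06 or not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, val = [], 0
    for b in body:                     # base-128 sub-identifiers, high bit = "more follows"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)    # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def parse_snmpv1(packet):
    """Return version, community, operation and variable names of one message."""
    outer = list(elements(packet))
    fields = list(elements(outer[0][1])) if outer and outer[0][0] == 0x30 else []
    tags = [t for t, _ in fields]
    if len(tags) != 3 or tags[:2] != [0x02, 0x04] or tags[2] not in PDU_TYPES:
        raise ValueError("not an SNMPv1 message")
    (_, ver), (_, community), (pdu_tag, pdu) = fields
    pdu_fields = list(elements(pdu))   # the variable-bindings list is the last PDU field
    if not pdu_fields or pdu_fields[-1][0] != 0x30:
        raise ValueError("missing variable bindings")
    names = [decode_oid(*next(elements(b), (None, b""))) for _, b in elements(pdu_fields[-1][1])]
    return {"version": int.from_bytes(ver, "big"), "community": community.decode("latin-1"),
            "operation": PDU_TYPES[pdu_tag], "names": names}
# Constructed sample: a get for 1.3.6.1.2.1.1.1.0 with community name "public".
SAMPLE = bytes.fromhex("30 26 02 01 00 04 06 70 75 62 6c 69 63 a0 19 02 01 01 02 01 00"
                       " 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00")
```

The version field decodes to 0 for SNMPv1, and the community name is read directly from the wrapper without any decryption step.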
3.4 SNMPv1 Security and Administration
STD 15 also describes an approach to security and administration.
Many of these concepts are carried forward and some, particularly
security, are extended by the SNMPv3 Framework.
The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in
SNMP messages between SNMP entities and distinguishes between
application entities and protocol entities. In SNMPv3, these are