Also for the sake of simplicity, the SNMP uses only a subset of the basic encoding rules of ASN.1 [10]. Namely, all encodings use the definite-length form. Further, whenever permissible, non-constructor encodings are used rather than constructor encodings. This restriction applies to all aspects of ASN.1 encoding, both for the top-level protocol data units and the data objects they contain.

3.2.3. Operations Supported on Management Information

The SNMP models all management agent functions as alterations or inspections of variables. Thus, a protocol entity on a logically remote host (possibly the network element itself) interacts with the management agent resident on the network element in order to retrieve (get) or alter (set) variables. This strategy has at least two positive consequences:

   (1)  It has the effect of limiting the number of essential management functions realized by the management agent to two: one operation to assign a value to a specified configuration or other parameter and another to retrieve such a value.

   (2)  A second effect of this decision is to avoid introducing into the protocol definition support for imperative management commands: the number of such commands is in practice ever-increasing, and the semantics of such commands are in general arbitrarily complex.

The strategy implicit in the SNMP is that the monitoring of network state at any significant level of detail is accomplished primarily by polling for appropriate information on the part of the monitoring center(s). A limited number of unsolicited messages (traps) guide the timing and focus of the polling. Limiting the number of unsolicited messages is consistent with the goal of simplicity and minimizing the amount of traffic generated by the network management function.

The exclusion of imperative commands from the set of explicitly supported management functions is unlikely to preclude any desirable management agent operation.
Currently, most commands are requests either to set the value of some parameter or to retrieve such a value, and the function of the few imperative commands currently supported is easily accommodated in an asynchronous mode by this management model. In this scheme, an imperative command might be realized as the setting of a parameter value that subsequently triggers the desired action. For example, rather than implementing a "reboot command," this action might be invoked by simply setting a parameter indicating the number of seconds until system reboot.

Case, Fedor, Schoffstall, & Davin                               [Page 7]
RFC 1157                          SNMP                          May 1990

3.2.4. Form and Meaning of Protocol Exchanges

The communication of management information among management entities is realized in the SNMP through the exchange of protocol messages. The form and meaning of those messages is defined below in Section 4.

Consistent with the goal of minimizing complexity of the management agent, the exchange of SNMP messages requires only an unreliable datagram service, and every message is entirely and independently represented by a single transport datagram. While this document specifies the exchange of messages via the UDP protocol [11], the mechanisms of the SNMP are generally suitable for use with a wide variety of transport services.

3.2.5. Definition of Administrative Relationships

The SNMP architecture admits a variety of administrative relationships among entities that participate in the protocol. The entities residing at management stations and network elements which communicate with one another using the SNMP are termed SNMP application entities. The peer processes which implement the SNMP, and thus support the SNMP application entities, are termed protocol entities.

A pairing of an SNMP agent with some arbitrary set of SNMP application entities is called an SNMP community. Each SNMP community is named by a string of octets, that is called the community name for said community.
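The Python below is an added example, not code from RFC 1157 or from any SNMP implementation. It ties together three points made above: a GetRequest message is encoded using only the permitted BER subset (definite-length form, primitive encodings wherever permitted), the community name is carried as an OCTET STRING, and the encoded Message is the entire payload of one UDP datagram. The decoder enforces the same restrictions from the receiving side: it rejects the indefinite-length form, a constructed community string, and any datagram that does not hold exactly one Message. The Message and GetRequest-PDU layout (version 0, the context tag [0] of GetRequest-PDU, request-id / error-status / error-index / variable-bindings) comes from Section 4 of the RFC, which this page does not reproduce; the community "public", the request-id 42 and the variable name 1.3.6.1.2.1.1.5.0 (sysName.0) are sample inputs chosen for the example.

```python
"""SNMPv1 Message codec using only the BER subset the SNMP permits (added
example, not code from RFC 1157; Message/PDU layout per RFC 1157 Section 4)."""

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST = 0xA0          # context tag [0] of GetRequest-PDU

def encode_length(n: int) -> bytes:
    """Definite-length form only: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + encode_length(len(content)) + content

def encode_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER, primitive encoding."""
    size = 1
    while True:
        try:
            return tlv(INTEGER, value.to_bytes(size, "big", signed=True))
        except OverflowError:
            size += 1

def encode_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed, later arcs in base 128."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(OID, bytes(out))

def build_get_request(community: bytes, names, request_id: int) -> bytes:
    """One Message SEQUENCE: version 0, community, GetRequest-PDU.  The
    returned bytes are the whole payload of a single UDP datagram."""
    varbinds = b"".join(tlv(SEQUENCE, encode_oid(n) + tlv(NULL, b"")) for n in names)
    pdu = tlv(GET_REQUEST, encode_integer(request_id) + encode_integer(0)
              + encode_integer(0) + tlv(SEQUENCE, varbinds))
    return tlv(SEQUENCE, encode_integer(0) + tlv(OCTET_STRING, community) + pdu)

def read_tlv(buf: bytes, pos: int):
    """(tag, content, end) of the TLV at pos; rejects the indefinite-length
    form and any length that runs past the end of the datagram."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first == 0x80:
        raise ValueError("indefinite-length form is not permitted in SNMP")
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length-of-length")
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    if pos + length > len(buf):
        raise ValueError("length runs past the end of the datagram")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content: bytes) -> str:
    arcs, value, pending = [content[0] // 40, content[0] % 40], 0, False
    for b in content[1:]:
        value, pending = (value << 7) | (b & 0x7F), bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID sub-identifier")
    return ".".join(map(str, arcs))

def decode_message(datagram: bytes) -> dict:
    """One datagram holds exactly one Message; trailing octets are an error."""
    tag, body, end = read_tlv(datagram, 0)
    if tag != SEQUENCE or end != len(datagram):
        raise ValueError("datagram is not exactly one Message SEQUENCE")
    _, ver, pos = read_tlv(body, 0)
    tag, community, pos = read_tlv(body, pos)
    if tag != OCTET_STRING:                 # 0x24 would be a constructed string
        raise ValueError("community must be a primitive OCTET STRING")
    pdu_tag, pdu, pos = read_tlv(body, pos)
    if pos != len(body):
        raise ValueError("trailing octets after the PDU")
    _, rid, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)          # error-status
    _, _, pos = read_tlv(pdu, pos)          # error-index
    _, vbl, _ = read_tlv(pdu, pos)          # variable-bindings
    names, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = read_tlv(vbl, pos)
        tag, name, _ = read_tlv(vb, 0)
        if tag != OID:
            raise ValueError("VarBind name must be an OBJECT IDENTIFIER")
        names.append(decode_oid(name))
    return {"version": int.from_bytes(ver, "big", signed=True), "community": community,
            "pdu_tag": pdu_tag, "request_id": int.from_bytes(rid, "big", signed=True),
            "names": names}
```

To put the request on the wire, the bytes returned by build_get_request are handed to one socket.sendto call on a SOCK_DGRAM socket, addressed to UDP port 161 of the agent; the response arrives as one datagram and is passed whole to decode_message. A receiver that accepts the indefinite-length form, or that silently ignores octets after the Message, is accepting input the protocol never defines, which is exactly where parser bugs hide.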
An SNMP message originated by an SNMP application entity that in fact belongs to the SNMP community named by the community component of said message is called an authentic SNMP message. The set of rules by which an SNMP message is identified as an authentic SNMP message for a particular SNMP community is called an authentication scheme. An implementation of a function that identifies authentic SNMP messages according to one or more authentication schemes is called an authentication service.

Clearly, effective management of administrative relationships among SNMP application entities requires authentication services that (by the use of encryption or other techniques) are able to identify authentic SNMP messages with a high degree of certainty. Some SNMP implementations may wish to support only a trivial authentication service that identifies all SNMP messages as authentic SNMP messages.

For any network element, a subset of objects in the MIB that pertain to that element is called an SNMP MIB view. Note that the names of the object types represented in an SNMP MIB view need not belong to a single sub-tree of the object type name space.

An element of the set { READ-ONLY, READ-WRITE } is called an SNMP access mode.

A pairing of an SNMP access mode with an SNMP MIB view is called an SNMP community profile. An SNMP community profile represents specified access privileges to variables in a specified MIB view.
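As an added illustration that is not part of RFC 1157, the Python below encodes the definitions of this section as data: a community profile is an access mode paired with a MIB view (a set of variable names that need not form one sub-tree), an access policy maps a community name to the profile the agent affords that community, and decide() applies the trivial authentication service described above, followed by the four per-variable access conventions that this section goes on to list. The MIB-II variable names and their "Access:" values (sysDescr.0 read-only, sysName.0 and ifAdminStatus.1 read-write) are real; the community names, the agent's two policies and the two objects under 1.3.6.1.4.1.99999 are constructed for the example.

```python
"""Community, MIB view, community profile and access policy as data, with a
decision function (added example, not from RFC 1157).  The MIB-II names are
real; the 1.3.6.1.4.1.99999.* objects and all community names are made up."""
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):                 # the two SNMP access modes
    READ_ONLY = "READ-ONLY"
    READ_WRITE = "READ-WRITE"

@dataclass(frozen=True)
class Profile:                    # community profile = access mode + MIB view
    mode: Mode
    view: frozenset               # variable names; need not be one sub-tree

SYSDESCR, SYSNAME = "1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.1.5.0"
IFADMIN = "1.3.6.1.2.1.2.2.1.7.1"
WRITE_ONLY_VAR = "1.3.6.1.4.1.99999.1.0"     # hypothetical enterprise objects
HIDDEN_VAR = "1.3.6.1.4.1.99999.2.0"

# "Access:" clause from each variable's MIB definition (constructed table).
MIB_ACCESS = {SYSDESCR: "read-only", SYSNAME: "read-write", IFADMIN: "read-write",
              WRITE_ONLY_VAR: "write-only", HIDDEN_VAR: "none"}

# Access policies of one agent: community name -> profile afforded to it.
POLICIES = {
    b"public": Profile(Mode.READ_ONLY, frozenset({SYSDESCR, SYSNAME})),
    b"secret": Profile(Mode.READ_WRITE, frozenset(
        {SYSDESCR, SYSNAME, IFADMIN, WRITE_ONLY_VAR, HIDDEN_VAR})),
}

def decide(policies: dict, community: bytes, op: str, name: str):
    """Trivial authentication scheme, then the four profile conventions.
    Returns ("allow", note) or ("deny", reason)."""
    # Trivial scheme: a message is authentic iff its community component
    # names a community this agent knows.  Nothing else is verified.
    profile = policies.get(community)
    if profile is None:
        return "deny", "not an authentic message for any known community"
    if name not in profile.view:
        return "deny", "variable is outside the profile's MIB view"
    access = MIB_ACCESS.get(name)
    if access is None:
        return "deny", "no such variable in the MIB"
    if access == "none":                                   # convention (1)
        return "deny", "Access: none, not an operand for any operator"
    if access in ("read-write", "write-only") and profile.mode is Mode.READ_WRITE:
        allowed = {"get", "set", "trap"}                   # convention (2)
    else:
        allowed = {"get", "trap"}                          # convention (3)
    if op not in allowed:
        return "deny", f"{op} not permitted by a {profile.mode.value} profile"
    if access == "write-only" and op in ("get", "trap"):   # convention (4)
        return "allow", "value is implementation-specific"
    return "allow", "ok"
```

Note what the trivial scheme amounts to: the community name is the only credential, it is the community component of the message itself, and the datagram carries it unencrypted, so anyone who can read or guess it produces "authentic" messages. That is the gap the section's call for authentication services using encryption or other techniques is pointing at.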
For every variable in the MIB view in a given SNMP community profile, access to that variable is represented by the profile according to the following conventions:

   (1)  if said variable is defined in the MIB with "Access:" of "none," it is unavailable as an operand for any operator;

   (2)  if said variable is defined in the MIB with "Access:" of "read-write" or "write-only" and the access mode of the given profile is READ-WRITE, that variable is available as an operand for the get, set, and trap operations;

   (3)  otherwise, the variable is available as an operand for the get and trap operations.

   (4)  In those cases where a "write-only" variable is an operand used for the get or trap operations, the value given for the variable is implementation-specific.

A pairing of an SNMP community with an SNMP community profile is called an SNMP access policy. An access policy represents a specified community profile afforded by the SNMP agent of a specified SNMP community to other members of that community. All administrative relationships among SNMP application entities are architecturally defined in terms of SNMP access policies.

For every SNMP access policy, if the network element on which the SNMP agent for the specified SNMP community resides is not that to which the MIB view for the specified profile pertains, then that policy is called an SNMP proxy access policy. The SNMP agent associated with a proxy access policy is called an SNMP proxy agent. While careless definition of proxy access policies can result in management loops, prudent definition of proxy policies is useful in at least two ways:

   (1)  It permits the monitoring and control of network elements which are otherwise not addressable using the management protocol and the transport protocol.
        That is, a proxy agent may provide a protocol conversion function allowing a management station to apply a consistent management framework to all network elements, including devices such as modems, multiplexors, and other devices which support different management frameworks.

   (2)  It potentially shields network elements from elaborate access control policies. For example, a proxy agent may implement sophisticated access control whereby diverse subsets of variables within the MIB are made accessible to different management stations without increasing the complexity of the network element.

By way of example, Figure 1 illustrates the relationship between management stations, proxy agents, and management agents. In this example, the proxy agent is envisioned to be a normal Internet Network Operations Center (INOC) of some administrative domain which has a standard managerial relationship with a set of management agents.

  +------------------+   +----------------+   +----------------+
  | Region #1 INOC   |   |Region #2 INOC  |   |PC in Region #3 |
  |                  |   |                |   |                |
  |Domain=Region #1  |   |Domain=Region #2|   |Domain=Region #3|
  |CPU=super-mini-1  |   |CPU=super-mini-1|   |CPU=Clone-1     |
  |PCommunity=pub    |   |PCommunity=pub  |   |PCommunity=slate|
  |                  |   |                |   |                |
  +------------------+   +----------------+   +----------------+
          /|\                   /|\                   /|\
           |                     |                     |
           |                    \|/                    |
           |            +-----------------+            |
           +----------->| Region #3 INOC  |<-----------+
           |            |                 |            |
           |            |Domain=Region #3 |            |
           |            |CPU=super-mini-2 |            |
           |            |PCommunity=pub,  |            |
           |            |  slate          |            |
           |            |DCommunity=secret|            |
           +----------->|                 |<-----------+
           |            +-----------------+            |
           |                    /|\                    |
           |                     |                     |
          \|/                   \|/                   \|/
  +-----------------+   +-----------------+   +-----------------+
  |Domain=Region#3  |   |Domain=Region#3  |   |Domain=Region#3  |
  |CPU=router-1     |   |CPU=mainframe-1  |   |CPU=modem-1      |
  |DCommunity=secret|   |DCommunity=secret|   |DCommunity=secret|
  +-----------------+   +-----------------+   +-----------------+
   Domain:     the administrative domain of the element
   PCommunity: the name of a community utilizing a proxy agent
   DCommunity: the name of a direct community

            Figure 1 Example Network Management Configuration

3.2.6. Form and Meaning of References to Managed Objects

The SMI requires that the definition of a conformant management protocol address:

   (1)  the resolution of ambiguous MIB references,

   (2)  the resolution of MIB references in the presence of multiple MIB versions, and

   (3)  the identification of particular instances of object types defined in the MIB.

3.2.6.1. Resolution of Ambiguous MIB References

Because the scope of any SNMP operation is conceptually confined to objects relevant to a single network element, and because all SNMP references to MIB objects are (implicitly or explicitly) by unique variable names, there is no possibility that any SNMP reference to any object type defined in the MIB could resolve to multiple instances of that type.

3.2.6.2. Resolution of References across MIB Versions

The object instance referred to by any SNMP operation is exactly that specified as part of the operation request or (in the case of a get-next operation) its immediate successor in the MIB as a whole. In particular, a reference to an object as part of some version of the Internet-standard MIB does not resolve to any object that is not part of said version of the Internet-standard MIB, except in the case that the requested operation is get-next and the specified object name is lexicographically last among the names of all objects presented as part of said version of the Internet-standard MIB.

3.2.6.3. Identification of Object Instances

The names for all object types in the MIB are defined explicitly either in the Internet-standard MIB or in other documents which conform to the naming conventions of the SMI.
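The Python below is an added example and is not from RFC 1157. It implements the successor rule of 3.2.6.2 together with the x.y variable-name convention that 3.2.6.3 goes on to state: names are compared arc by arc as integers, a get of an object-type name without its instance suffix finds nothing, get-next returns the immediate lexicographic successor in the MIB as a whole (so a get-next on the last MIB-II instance present lands in the enterprises sub-tree, as the exception in 3.2.6.2 allows), and a get-next on the lexicographically last name yields None, which an agent reports with the noSuchName error-status of Section 4. The MIB-II names are real; the values, the enterprise object 1.3.6.1.4.1.99999.1.0 and the Agent class itself are constructed for the example. string_sorted_walk shows the pitfall of comparing names as strings rather than as sequences of integers.

```python
"""Variable names of the form x.y and the get-next successor rule (added
example, not from RFC 1157).  MIB-II names are real; values and the
1.3.6.1.4.1.99999.1.0 enterprise object are constructed."""

def oid_key(name: str) -> tuple:
    """Compare OIDs arc by arc as integers; a proper prefix sorts first."""
    return tuple(int(a) for a in name.strip(".").split("."))

class Agent:
    def __init__(self, variables: dict):
        # Instances kept in lexicographic order of their variable names.
        self.vars = dict(sorted(variables.items(), key=lambda kv: oid_key(kv[0])))

    def get(self, name: str):
        """Exact instance name only: an object-type name such as sysName
        without its instance fragment resolves to nothing (noSuchName)."""
        return self.vars.get(name)

    def get_next(self, name: str):
        """Immediate successor of name in the MIB as a whole, whether or not
        name itself exists; None when name is lexicographically last."""
        key = oid_key(name)
        for n, v in self.vars.items():
            if oid_key(n) > key:
                return n, v
        return None

    def walk(self, prefix: str) -> list:
        """Repeated get-next, stopping when the successor leaves the prefix."""
        p, out, cur = oid_key(prefix), [], prefix
        while True:
            nxt = self.get_next(cur)
            if nxt is None or oid_key(nxt[0])[:len(p)] != p:
                return out
            out.append(nxt)
            cur = nxt[0]

IF_ADMIN = "1.3.6.1.2.1.2.2.1.7"       # ifAdminStatus column, instances .1 .2 .10
AGENT = Agent({
    "1.3.6.1.2.1.1.1.0": "example router",      # sysDescr.0 (constructed value)
    "1.3.6.1.2.1.1.5.0": "rtr-1",               # sysName.0
    IF_ADMIN + ".1": 1, IF_ADMIN + ".2": 2, IF_ADMIN + ".10": 1,
    "1.3.6.1.2.1.2.2.1.8.1": 1,                 # ifOperStatus.1
    "1.3.6.1.4.1.99999.1.0": "vendor-only",     # hypothetical enterprise object
})

def string_sorted_walk(agent: Agent, prefix: str) -> list:
    """The pitfall: ordering names as strings puts .10 before .2."""
    return sorted(n for n in agent.vars if n.startswith(prefix + "."))
```

The walk is the basis of every "snmpwalk": a management station that does not know which interfaces exist issues get-next on the column name and follows successors until the returned name leaves the column. An agent that orders its instances as strings would return .10 between .1 and .2 and break that loop on any table with more than nine rows.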
The SMI requires that conformant management protocols define mechanisms for identifying individual instances of those object types for a particular network element.

Each instance of any object type defined in the MIB is identified in SNMP operations by a unique name called its "variable name." In general, the name of an SNMP variable is an OBJECT IDENTIFIER of the form x.y, where x is the name of a non-aggregate object type defined in the MIB and y is an OBJECT IDENTIFIER fragment that, in a way specific to the named object type, identifies the desired instance. This naming strategy admits the fullest exploitation of the semantics of the GetNextRequest-PDU (see Section 4), because it assigns names