rfc1909.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

Network Working Group                              K. McCloghrie, Editor
Request for Comments: 1909                           Cisco Systems, Inc.
Category: Experimental                                     February 1996


              An Administrative Infrastructure for SNMPv2

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Table of Contents

   1. Introduction ................................................    2
   2. Overview ....................................................    2
   2.1 Contexts ...................................................    3
   2.2 Authorization: Access Rights and MIB Views .................    3
   2.3 Authentication and Privacy .................................    4
   2.4 Access Control .............................................    5
   2.5 Security Models ............................................    5
   2.6 Proxy ......................................................    5
   3. Elements of the Model .......................................    7
   3.1 SNMPv2 Entity ..............................................    7
   3.2 SNMPv2 Agent ...............................................    7
   3.3 SNMPv2 Manager .............................................    8
   3.4 SNMPv2 Dual-Role Entity ....................................    8
   3.5 View Subtree and Families ..................................    9
   3.6 MIB View ...................................................    9
   3.7 SNMPv2 Context .............................................   10
   3.7.1 Local SNMPv2 Context .....................................   11
   3.7.2 Proxy SNMPv2 Context .....................................   11
   3.8 SNMPv2 PDUs and Operations .................................   12
   3.8.1 The Report-PDU ...........................................   12
   3.9 SNMPv2 Access Control Policy ...............................   13
   4. Security Considerations .....................................   13
   5. Editor's Address ............................................   14
   6. Acknowledgements ............................................   14
   7. References ..................................................   14
   Appendix A Disambiguating the SNMPv2 Protocol Definition .......   16
   Appendix B Who Sends Inform-Requests?  .........................   17
   Appendix B.1 Management Philosophy .............................   17
   Appendix B.2 The Danger of Trap Storms .........................   17
   Appendix B.3 Inform-Requests ...................................   18





McCloghrie                    Experimental                      [Page 1]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


1.  Introduction

   A management system contains:  several (potentially many) nodes, each
   with a processing entity, termed an agent, which has access to
   management instrumentation; at least one management station; and, a
   management protocol, used to convey management information between
   the agents and management stations.  Operations of the protocol are
   carried out under an administrative framework which defines
   authentication, authorization, access control, and privacy policies.

   Management stations execute management applications which monitor and
   control managed elements.  Managed elements are devices such as
   hosts, routers, terminal servers, etc., which are monitored and
   controlled via access to their management information.

   It is the purpose of this document, An Administrative Infrastructure
   for SNMPv2, to define an administrative framework which realizes
   effective management in a variety of configurations and environments.
   The SNMPv2 framework is fully described in [1-6].  This framework is
   derived from the original Internet-standard Network Management
   Framework (SNMPv1), which consists of these three documents:

      STD 16, RFC 1155 [7] which defines the Structure of Management
      Information (SMI), the mechanisms used for describing and naming
      objects for the purpose of management.

      STD 16, RFC 1212 [8] which defines a more concise description
      mechanism, which is wholly consistent with the SMI.

      STD 15, RFC 1157 [9] which defines the Simple Network Management
      Protocol (SNMP), the protocol used for network access to managed
      objects.

   For information on coexistence between SNMPv1 and SNMPv2, consult
   [10].

2.  Overview

   A management domain typically contains a large amount of management
   information.  Each individual item of management information is an
   instance of a managed object type.  The definition of a related set
   of managed object types is contained in a Management Information Base
   (MIB) module.  Many such MIB modules are defined.  For each managed
   object type it describes, a MIB module defines not only the semantics
   and syntax of that managed object type, but also the method of
   identifying an individual instance so that multiple instances of the
   same managed object type can be distinguished.




McCloghrie                    Experimental                      [Page 2]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


2.1.  Contexts

   Typically, there are many instances of each managed object type
   within a management domain.  For simplicity, the method for
   identifying instances specified by the MIB module does not allow each
   instance to be distinguished amongst the set of all instances within
   the management domain; rather, it allows each instance to be
   identified only within some scope or "context", where there are
   multiple such contexts within the management domain.  Often, a
   context is a physical device, or perhaps, a logical device, although
   a context can also encompass multiple devices, or a subset of a
   single device, or even a subset of multiple devices.  Thus, in order
   to identify an individual item of management information within the
   management domain, its context must be identified in addition to its
   object type and its instance.

   For example, the managed object type, ifDescr [11], is defined as the
   description of a network interface.  To identify the description of
   device-X's first network interface, three pieces of information are
   needed, e.g., device-X (the context), ifDescr (the managed object
   type), and "1" (the instance).

   Note that each context has (at least) one globally-unique
   identification within the management domain.  Note also that the same
   item of management information can exist in multiple contexts.  So,
   an item of management information can have multiple globally-unique
   identifications, either because it exists in multiple contexts,
   and/or because each such context has multiple globally-unique
   identifications.

2.2.  Authorization: Access Rights and MIB Views

   For security reasons, it is often valuable to be able to restrict the
   access rights of some management applications to only a subset of the
   management information in the management domain.  To provide this
   capability, access to a context is via a "MIB view" which details a
   specific set of managed object types (and optionally, the specific
   instances of object types) within that context.  For example, for a
   given context, there will typically always be one MIB view which
   provides access to all management information in that context, and
   often there will be other MIB views each of which contains some
   subset of the information.  So, by providing access rights to a
   management application in terms of the particular (subset) MIB view
   it can access for that context, then the management application is
   restricted in the desired manner.

   Since managed object types (and their instances) are identified via
   the tree-like naming structure of ISO's OBJECT IDENTIFIERs [12, 1],



McCloghrie                    Experimental                      [Page 3]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


   it is convenient to define a MIB view as the combination of a set of
   "view subtrees", where each view subtree is a sub-tree within the
   managed object naming tree.  Thus, a simple MIB view (e.g., all
   managed objects within the Internet Network Management Framework) can
   be defined as a single view sub-tree, while more complicated MIB
   views (e.g., all information relevant to a particular network
   interface) can be represented by the union of multiple view sub-
   trees.

   While any set of managed objects can be described by the union of
   some number of view subtrees, situations can arise that would require
   a very large number of view subtrees.  This could happen, for
   example, when specifying all columns in one conceptual row of a MIB
   table because they would appear in separate subtrees, one per column,
   each with a very similar format.  Because the formats are similar,
   the required set of subtrees can easily be aggregated into one
   structure.  This structure is named a family of view subtrees after
   the set of subtrees that it conceptually represents.  A family of
   view subtrees can either be included or excluded from a MIB view.

   In addition to restricting access rights by identifying (sub-)sets of
   management information, it is also valuable to restrict the requests
   allowed on the management information within a particular context.
   For example, one management application might be prohibited from
   write-access to a particular context, while another might be allowed
   to perform any type of operation.

2.3.  Authentication and Privacy

   The enforcement of access rights requires the means not only to
   identify the entity on whose behalf a request is generated but also
   to authenticate such identification.  Another security capability
   which is (optionally) provided is the ability to protect the data
   within an SNMPv2 operation from disclosure (i.e., to encrypt the
   data).  This is particularly useful when sensitive data (e.g.,
   passwords, or security keys) are accessed via SNMPv2 requests.

   Recommendations for which algorithms are best for authentication and
   privacy are subject to change.  Such changes may occur as and when
   new research results on the vulnerability of various algorithms are
   published, and/or with the prevailing status of export control and
   patent issues.  Thus, it is valuable to allow these algorithms to be
   specified as parameters, so that new algorithms can be accommodated
   over time.  In particular, one type of algorithm which may become
   useful in the future is the set of algorithms associated with
   asymmetric (public key) cryptography.

   Note that not all accesses via SNMPv2 requests need to be secure.



McCloghrie                    Experimental                      [Page 4]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


   Indeed, there are purposes for which insecure access is required.
   One example of this is the ability of a management application to
   learn about devices of which it has no previous knowledge.  Another
   example is to perform any synchronization which the security
   algorithms need before they can be used to communicate securely.
   This need for insecure access is accommodated by defining one of the
   algorithms for authentication as providing no authentication, and
   similarly, one of the algorithms for privacy as providing no
   protection against disclosure.  (The combination of these two
   insecure algorithms is sometimes referred to as "noAuth/noPriv".)

2.4.  Access Control

   An access control policy specifies the types of SNMPv2 requests and
   associated MIB views which are authorized for a particular identity
   (on whose behalf a request is generated) when using a particular
   level of security to access a particular context.

2.5.  Security Models

   A security model defines the mechanisms used to achieve an
   administratively-defined level of security for protocol interactions:

(1)  by defining the security parameters associated with a
     communication, including the authentication and privacy algorithms
     and the security keys (if any) used.

(2)  by defining how entities on whose behalf requests are generated are
     identified.

(3)  by defining how contexts are identified.

(4)  by defining the mechanisms by which an access control policy is
     derived whenever management information is to be accessed.

2.6.  Proxy

   It is an SNMPv2 agent which responds to requests for access to
   management information.  Each such request is contained within an
   SNMPv2 message which provides the capability to perform a single
   operation on a list of items of management information.  Rather than
   having to identify the context as well as the managed object type and
   instance for each item of management information, each SNMPv2 message
   is concerned with only a single context.  Thus, an SNMPv2 agent must
   be able to process requests for all items of management information
   within the one or more contexts it supports.





McCloghrie                    Experimental                      [Page 5]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


   In responding to a request, an SNMPv2 agent might be acting as a
   proxy for some other agent.  The term "proxy" has historically been
   used very loosely, with multiple different meanings.  These different
   meanings include (among others):

(1)  the forwarding of SNMPv2 requests on to other SNMP agents without
     regard for what managed object types are being accessed; for
     example, in order to forward SNMPv2 request from one transport
     domain to another, or to translate SNMPv2 requests into SNMPv1
     requests;

(2)  the translation of SNMPv2 requests into operations of some non-SNMP
     management protocol;

(3)  support for aggregated managed objects where the value of one
     managed object instance depends upon the values of multiple other
     (remote) items of management information.

   Each of these scenarios can be advantageous; for example, support for
   aggregation for management information can significantly reduce the
   bandwidth requirements of large-scale management activities.
   However, using a single term to cover multiple different scenarios
   causes confusion.

   To avoid such confusion, this SNMPv2 administrative framework uses
   the term "proxy" with a much more tightly defined meaning, which
   covers only the first of those listed above.  Specifically, the
   distinction between a "regular SNMPv2 agent" and a "proxy SNMPv2
   agent" is simple:

  -  a proxy SNMPv2 agent is an SNMPv2 agent which forwards requests on
     to other agents according to the context, and irrespective of the
     specific managed object types being accessed;

  -  in contrast, an SNMPv2 agent which processes SNMPv2 requests
     according to the (names of the) individual managed object types and
     instances being accessed, is NOT a proxy SNMPv2 agent from the
     perspective of this administrative model.

   Thus, when an SNMPv2 agent acts as a proxy SNMPv2 agent for a
   particular context, although information on how to forward the
   request is specifically associated with that context, the proxy
   SNMPv2 agent has no need of a detailed definition of the MIB view
   (since the proxy SNMPv2 agent forwards the request irrespective of
   the managed object types).

   In contrast, a SNMPv2 agent operating without proxy must have the
   detailed definition of the MIB view, and even if it needs to issue



McCloghrie                    Experimental                      [Page 6]

RFC 1909        An SNMPv2 Administrative Infrastructure    February 1996


   requests to other agents, that need is dependent on the individual
   managed object instances being accessed (i.e., not only on the
   context).

3.  Elements of the Model

   This section provides a more formal description of the model.

3.1.  SNMPv2 Entity

   An SNMPv2 entity is an actual process which performs management
   operations by generating and/or responding to SNMPv2 protocol
   messages in the manner specified in [4].  An SNMPv2 entity assumes
   the identity of a particular administrative entity when processing an