Network Working Group                                            J. Case
Request for Comments: 2570                           SNMP Research, Inc.
Category: Informational                                         R. Mundy
                                    TIS Labs at Network Associates, Inc.
                                                              D. Partain
                                                                Ericsson
                                                              B. Stewart
                                                           Cisco Systems
                                                              April 1999


                    Introduction to Version 3 of the
             Internet-standard Network Management Framework

Status of this Memo

   This memo provides information for the Internet community. It does
   not specify an Internet standard of any kind. Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

   The purpose of this document is to provide an overview of the third
   version of the Internet-standard Management Framework, termed the
   SNMP version 3 Framework (SNMPv3). This Framework is derived from
   and builds upon both the original Internet-standard Management
   Framework (SNMPv1) and the second Internet-standard Management
   Framework (SNMPv2).

   The architecture is designed to be modular to allow the evolution of
   the Framework over time.

Table of Contents

   1 Introduction
   2 The Internet Standard Management Framework
   2.1 Basic Structure and Components
   2.2 Architecture of the Internet Standard Management Framework
   3 The SNMPv1 Management Framework
   3.1 The SNMPv1 Data Definition Language
   3.2 Management Information
   3.3 Protocol Operations
   3.4 SNMPv1 Security and Administration

Case, et al.                 Informational                      [Page 1]

RFC 2570                Introduction to SNMPv3                April 1999

   4 The SNMPv2 Management Framework
   5 The SNMPv3 Working Group
   6 SNMPv3 Framework Module Specifications
   6.1 Data Definition Language
   6.2 MIB Modules
   6.3 Protocol Operations and Transport Mappings
   6.4 SNMPv3 Security and Administration
   7 Document Summaries
   7.1 Structure of Management Information
   7.1.1 Base SMI Specification
   7.1.2 Textual Conventions
   7.1.3 Conformance Statements
   7.2 Protocol Operations
   7.3 Transport Mappings
   7.4 Protocol Instrumentation
   7.5 Architecture / Security and Administration
   7.6 Message Processing and Dispatch (MPD)
   7.7 SNMP Applications
   7.8 User-based Security Model (USM)
   7.9 View-based Access Control (VACM)
   7.10 SNMPv3 Coexistence and Transition
   8 Security Considerations
   9 Editors' Addresses
   10 References
   11 Full Copyright Statement

1 Introduction

   This document is an introduction to the third version of the
   Internet-standard Management Framework, termed the SNMP version 3
   Management Framework (SNMPv3) and has multiple purposes.

   First, it describes the relationship between the SNMP version 3
   (SNMPv3) specifications and the specifications of the SNMP version 1
   (SNMPv1) Management Framework, the SNMP version 2 (SNMPv2)
   Management Framework, and the Community-based Administrative
   Framework for SNMPv2.

   Second, it provides a roadmap to the multiple documents which
   contain the relevant specifications.

   Third, this document provides a brief easy-to-read summary of the
   contents of each of the relevant specification documents.

   This document is intentionally tutorial in nature and, as such, may
   occasionally be "guilty" of oversimplification. In the event of a
   conflict or contradiction between this document and the more
   detailed documents for which this document is a roadmap, the
   specifications in the more detailed documents shall prevail.

   Further, the detailed documents attempt to maintain separation
   between the various component modules in order to specify
   well-defined interfaces between them. This roadmap document,
   however, takes a different approach and attempts to provide an
   integrated view of the various component modules in the interest of
   readability.

2 The Internet Standard Management Framework

   The third version of the Internet Standard Management Framework (the
   SNMPv3 Framework) is derived from and builds upon both the original
   Internet-standard Management Framework (SNMPv1) and the second
   Internet-standard Management Framework (SNMPv2).

   All versions (SNMPv1, SNMPv2, and SNMPv3) of the Internet Standard
   Management Framework share the same basic structure and components.
   Furthermore, all versions of the specifications of the Internet
   Standard Management Framework follow the same architecture.

2.1 Basic Structure and Components

   An enterprise deploying the Internet Standard Management Framework
   contains four basic components:

   *  several (typically many) managed nodes, each with an SNMP entity
      which provides remote access to management instrumentation
      (traditionally called an agent);

   *  at least one SNMP entity with management applications (typically
      called a manager),

   *  a management protocol used to convey management information
      between the SNMP entities, and

   *  management information.

   The management protocol is used to convey management information
   between SNMP entities such as managers and agents.

   This basic structure is common to all versions of the Internet
   Standard Management Framework; i.e., SNMPv1, SNMPv2, and SNMPv3.

2.2 Architecture of the Internet Standard Management Framework

   The specifications of the Internet Standard Management Framework are
   based on a modular architecture. This framework is more than just a
   protocol for moving data. It consists of:

   *  a data definition language,

   *  definitions of management information (the Management Information
      Base, or MIB),

   *  a protocol definition, and

   *  security and administration.

   Over time, as the Framework has evolved from SNMPv1, through SNMPv2,
   to SNMPv3, the definitions of each of these architectural components
   have become richer and more clearly defined, but the fundamental
   architecture has remained consistent.

   One prime motivator for this modularity was to enable the ongoing
   evolution of the Framework as is documented in RFC 1052 [14]. When
   originally envisioned, this capability was to be used to ease the
   transition from SNMP-based management of internets to management
   based on OSI protocols.
   To this end, the framework was architected with a
   protocol-independent data definition language and Management
   Information Base along with a MIB-independent protocol. This
   separation was designed to allow the SNMP-based protocol to be
   replaced without requiring the management information to be
   redefined or reinstrumented. History has shown that the selection of
   this architecture was the right decision for the wrong reason -- it
   turned out that this architecture has eased the transition from
   SNMPv1 to SNMPv2 and from SNMPv2 to SNMPv3 rather than easing the
   transition away from management based on the Simple Network
   Management Protocol.

   The SNMPv3 Framework builds and extends these architectural
   principles by:

   *  building on these four basic architectural components, in some
      cases incorporating them from the SNMPv2 Framework by reference,
      and

   *  by using these same layering principles in the definition of new
      capabilities in the security and administration portion of the
      architecture.

   Those who are familiar with the architecture of the SNMPv1
   Management Framework and the SNMPv2 Management Framework will find
   many familiar concepts in the architecture of the SNMPv3 Management
   Framework. However, in some cases, the terminology may be somewhat
   different.

3 The SNMPv1 Management Framework

   The original Internet-standard Network Management Framework (SNMPv1)
   is defined in the following documents:

   *  STD 16, RFC 1155 [1] which defines the Structure of Management
      Information (SMI), the mechanisms used for describing and naming
      objects for the purpose of management.

   *  STD 16, RFC 1212 [2] which defines a more concise description
      mechanism for describing and naming management information
      objects, but which is wholly consistent with the SMI.

   *  STD 15, RFC 1157 [3] which defines the Simple Network Management
      Protocol (SNMP), the protocol used for network access to managed
      objects and event notification.
      Note this document also defines an initial set of event
      notifications.

   Additionally, two documents are generally considered to be
   companions to these three:

   *  STD 17, RFC 1213 [13] which contains definitions for the base set
      of management information

   *  RFC 1215 [25] defines a concise description mechanism for
      defining event notifications, which are called traps in the
      SNMPv1 protocol. It also specifies the generic traps from RFC
      1157 in the concise notation.

   These documents describe the four parts of the first version of the
   SNMP Framework.

3.1 The SNMPv1 Data Definition Language

   The first two and the last document describe the SNMPv1 data
   definition language. Note that due to the initial requirement that
   the SMI be protocol-independent, the first two SMI documents do not
   provide a means for defining event notifications (traps). Instead,
   the SNMP protocol document defines a few standardized event
   notifications (generic traps) and provides a means for additional
   event notifications to be defined. The last document specifies a
   straight-forward approach towards defining event notifications used
   with the SNMPv1 protocol. At the time that it was written, use of
   traps in the Internet-standard network management framework was
   controversial. As such, RFC 1215 was put forward with the status of
   "Informational", which was never updated because it was believed
   that the second version of the SNMP Framework would replace the
   first version.

   Note that the SNMPv1 data definition language is sometimes referred
   to as SMIv1.

3.2 Management Information

   The data definition language described in the first two documents
   was first used to define the now-historic MIB-I as specified in RFC
   1066 [12], and was subsequently used to define MIB-II as specified
   in RFC 1213 [13].
   Later, after the publication of MIB-II, a different approach to
   management information definition was taken from the earlier
   approach of having a single committee staffed by generalists work on
   a single document to define the Internet-standard MIB. Rather, many
   mini-MIB documents were produced in a parallel and distributed
   fashion by groups chartered to produce a specification for a focused
   portion of the Internet-standard MIB and staffed by personnel with
   expertise in those particular areas ranging from various aspects of
   network management, to system management, and application
   management.

3.3 Protocol Operations

   The third document, STD 15, describes the SNMPv1 protocol operations
   performed by protocol data units (PDUs) on lists of variable
   bindings and describes the format of SNMPv1 messages. The operators
   defined by SNMPv1 are: get, get-next, get-response, set-request, and
   trap. Typical layering of SNMP on a connectionless transport service
   is also defined.

3.4 SNMPv1 Security and Administration

   STD 15 also describes an approach to security and administration.
   Many of these concepts are carried forward and some, particularly
   security, are extended by the SNMPv3 Framework.

   The SNMPv1 Framework describes the encapsulation of SNMPv1 PDUs in
   SNMP messages between SNMP entities and distinguishes between
   application entities and protocol entities. In SNMPv3, these are