rfc1067.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

   specifies the exchange of messages via the UDP protocol [8], the
   mechanisms of the SNMP are generally suitable for use with a wide
   variety of transport services.

3.2.5.  Definition of Administrative Relationships

   The SNMP architecture admits a variety of administrative
   relationships among entities that participate in the protocol.  The
   entities residing at management stations and network elements which
   communicate with one another using the SNMP are termed SNMP
   application entities.  The peer processes which implement the SNMP,
   and thus support the SNMP application entities, are termed protocol
   entities.

   A pairing of an SNMP agent with some arbitrary set of SNMP
   application entities is called an SNMP community.  Each SNMP
   community is named by a string of octets, that is called the
   community name for said community.

   An SNMP message originated by an SNMP application entity that in fact
   belongs to the SNMP community named by the community component of
   said message is called an authentic SNMP message.  The set of rules
   by which an SNMP message is identified as an authentic SNMP message
   for a particular SNMP community is called an authentication scheme.
   An implementation of a function that identifies authentic SNMP
   messages according to one or more authentication schemes is called an
   authentication service.

   Clearly, effective management of administrative relationships among
   SNMP application entities requires authentication services that (by
   the use of encryption or other techniques) are able to identify
   authentic SNMP messages with a high degree of certainty.  Some SNMP
   implementations may wish to support only a trivial authentication
   service that identifies all SNMP messages as authentic SNMP messages.

   For any network element, a subset of objects in the MIB that pertain
   to that element is called a SNMP MIB view.  Note that the names of
   the object types represented in a SNMP MIB view need not belong to a



Case, Fedor, Schoffstall, & Davin                               [Page 7]

RFC 1067                          SNMP                       August 1988


   single sub-tree of the object type name space.

   An element of the set { READ-ONLY, READ-WRITE } is called an SNMP
   access mode.

   A pairing of a SNMP access mode with a SNMP MIB view is called an
   SNMP community profile.  A SNMP community profile represents
   specified access privileges to variables in a specified MIB view. For
   every variable in the MIB view in a given SNMP community profile,
   access to that variable is represented by the profile according to
   the following conventions:

      (1)  if said variable is defined in the MIB with "Access:" of
           "none," it is unavailable as an operand for any operator;

      (2)  if said variable is defined in the MIB with "Access:" of
           "read-write" or "write-only" and the access mode of the
           given profile is READ-WRITE, that variable is available
           as an operand for the get, set, and trap operations;

      (3)  otherwise, the variable is available as an operand for
           the get and trap operations.

      (4)  In those cases where a "write-only" variable is an
           operand used for the get or trap operations, the value
           given for the variable is implementation-specific.

   A pairing of a SNMP community with a SNMP community profile is called
   a SNMP access policy. An access policy represents a specified
   community profile afforded by the SNMP agent of a specified SNMP
   community to other members of that community.  All administrative
   relationships among SNMP application entities are architecturally
   defined in terms of SNMP access policies.

   For every SNMP access policy, if the network element on which the
   SNMP agent for the specified SNMP community resides is not that to
   which the MIB view for the specified profile pertains, then that
   policy is called a SNMP proxy access policy. The SNMP agent
   associated with a proxy access policy is called a SNMP proxy agent.
   While careless definition of proxy access policies can result in
   management loops, prudent definition of proxy policies is useful in
   at least two ways:

      (1)  It permits the monitoring and control of network elements
           which are otherwise not addressable using the management
           protocol and the transport protocol.  That is, a proxy
           agent may provide a protocol conversion function allowing
           a management station to apply a consistent management



Case, Fedor, Schoffstall, & Davin                               [Page 8]

RFC 1067                          SNMP                       August 1988


           framework to all network elements, including devices such
           as modems, multiplexors, and other devices which support
           different management frameworks.

      (2)  It potentially shields network elements from elaborate
           access control policies.  For example, a proxy agent may
           implement sophisticated access control whereby diverse
           subsets of variables within the MIB are made accessible
           to different management stations without increasing the
           complexity of the network element.

   By way of example, Figure 1 illustrates the relationship between
   management stations, proxy agents, and management agents.  In this
   example, the proxy agent is envisioned to be a normal Internet
   Network Operations Center (INOC) of some administrative domain which
   has a standard managerial relationship with a set of management
   agents.


































Case, Fedor, Schoffstall, & Davin                               [Page 9]

RFC 1067                          SNMP                       August 1988


   +------------------+       +----------------+      +----------------+
   |  Region #1 INOC  |       |Region #2 INOC  |      |PC in Region #3 |
   |                  |       |                |      |                |
   |Domain=Region #1  |       |Domain=Region #2|      |Domain=Region #3|
   |CPU=super-mini-1  |       |CPU=super-mini-1|      |CPU=Clone-1     |
   |PCommunity=pub    |       |PCommunity=pub  |      |PCommunity=slate|
   |                  |       |                |      |                |
   +------------------+       +----------------+      +----------------+
          /|\                      /|\                     /|\
           |                        |                       |
           |                        |                       |
           |                       \|/                      |
           |               +-----------------+              |
           +-------------->| Region #3 INOC  |<-------------+
                           |                 |
                           |Domain=Region #3 |
                           |CPU=super-mini-2 |
                           |PCommunity=pub,  |
                           |         slate   |
                           |DCommunity=secret|
           +-------------->|                 |<-------------+
           |               +-----------------+              |
           |                       /|\                      |
           |                        |                       |
           |                        |                       |
          \|/                      \|/                     \|/
   +-----------------+     +-----------------+       +-----------------+
   |Domain=Region#3  |     |Domain=Region#3  |       |Domain=Region#3  |
   |CPU=router-1     |     |CPU=mainframe-1  |       |CPU=modem-1      |
   |DCommunity=secret|     |DCommunity=secret|       |DCommunity=secret|
   +-----------------+     +-----------------+       +-----------------+


   Domain:  the administrative domain of the element
   PCommunity:  the name of a community utilizing a proxy agent
   DCommunity:  the name of a direct community


                                 Figure 1
                 Example Network Management Configuration











Case, Fedor, Schoffstall, & Davin                              [Page 10]

RFC 1067                          SNMP                       August 1988


3.2.6.  Form and Meaning of References to Managed Objects

   The SMI requires that the definition of a conformant management
   protocol address:

      (1)  the resolution of ambiguous MIB references,

      (2)  the resolution of MIB references in the presence multiple
           MIB versions, and

      (3)  the identification of particular instances of object
           types defined in the MIB.

3.2.6.1.  Resolution of Ambiguous MIB References

   Because the scope of any SNMP operation is conceptually confined to
   objects relevant to a single network element, and because all SNMP
   references to MIB objects are (implicitly or explicitly) by unique
   variable names, there is no possibility that any SNMP reference to
   any object type defined in the MIB could resolve to multiple
   instances of that type.

3.2.6.2.  Resolution of References across MIB Versions

   The object instance referred to by any SNMP operation is exactly that
   specified as part of the operation request or (in the case of a get-
   next operation) its immediate successor in the MIB as a whole.  In
   particular, a reference to an object as part of some version of the
   Internet-standard MIB does not resolve to any object that is not part
   of said version of the Internet-standard MIB, except in the case that
   the requested operation is get-next and the specified object name is
   lexicographically last among the names of all objects presented as
   part of said version of the Internet-Standard MIB.

3.2.6.3.  Identification of Object Instances

   The names for all object types in the MIB are defined explicitly
   either in the Internet-standard MIB or in other documents which
   conform to the naming conventions of the SMI.  The SMI requires that
   conformant management protocols define mechanisms for identifying
   individual instances of those object types for a particular network
   element.

   Each instance of any object type defined in the MIB is identified in
   SNMP operations by a unique name called its "variable name." In
   general, the name of an SNMP variable is an OBJECT IDENTIFIER of the
   form x.y, where x is the name of a non-aggregate object type defined
   in the MIB and y is an OBJECT IDENTIFIER fragment that, in a way



Case, Fedor, Schoffstall, & Davin                              [Page 11]

RFC 1067                          SNMP                       August 1988


   specific to the named object type, identifies the desired instance.

   This naming strategy admits the fullest exploitation of the semantics
   of the GetNextRequest-PDU (see Section 4), because it assigns names
   for related variables so as to be contiguous in the lexicographical
   ordering of all variable names known in the MIB.

   The type-specific naming of object instances is defined below for a
   number of classes of object types.  Instances of an object type to
   which none of the following naming conventions are applicable are
   named by OBJECT IDENTIFIERs of the form x.0, where x is the name of
   said object type in the MIB definition.

   For example, suppose one wanted to identify an instance of the
   variable sysDescr The object class for sysDescr is:

             iso org dod internet mgmt mib system sysDescr
              1   3   6     1      2    1    1       1

   Hence, the object type, x, would be 1.3.6.1.2.1.1.1 to which is
   appended an instance sub-identifier of 0.  That is, 1.3.6.1.2.1.1.1.0
   identifies the one and only instance of sysDescr.

3.2.6.3.1.  ifTable Object Type Names

   The name of a subnet interface, s, is the OBJECT IDENTIFIER value of
   the form i, where i has the value of that instance of the ifIndex
   object type associated with s.

   For each object type, t, for which the defined name, n, has a prefix
   of ifEntry, an instance, i, of t is named by an OBJECT IDENTIFIER of
   the form n.s, where s is the name of the subnet interface about which
   i represents information.

   For example, suppose one wanted to identify the instance of the
   variable ifType associated with interface 2.  Accordingly, ifType.2
   would identify the desired instance.

3.2.6.3.2.  atTable Object Type Names

   The name of an AT-cached network address, x, is an OBJECT IDENTIFIER
   of the form 1.a.b.c.d, where a.b.c.d is the value (in the familiar
   "dot" notation) of the atNetAddress object type associated with x.

   The name of an address translation equivalence e is an OBJECT
   IDENTIFIER value of the form s.w, such that s is the value of that
   instance of the atIndex object type associated with e and such that w
   is the name of the AT-cached network address associated with e.



Case, Fedor, Schoffstall, & Davin                              [Page 12]

RFC 1067                          SNMP                       August 1988


   For each object type, t, for which the defined name, n, has a prefix
   of atEntry, an instance, i, of t is named by an OBJECT IDENTIFIER of
   the form n.y, where y is the name of the address translation
   equivalence about which i represents information.

   For example, suppose one wanted to find the physical address of an
   entry in the address translation table (ARP cache) associated with an
   IP address of 89.1.1.42 and interface 3.  Accordingly,
   atPhysAddress.3.1.89.1.1.42 would identify the desired instance.

3.2.6.3.3.  ipAddrTable Object Type Names

   The name of an IP-addressable network element, x, is the OBJECT
   IDENTIFIER of the form a.b.c.d such that a.b.c.d is the value (in the
   familiar "dot" notation) of that instance of the ipAdEntAddr object
   type associated with x.

   For each object type, t, for which the defined name, n, has a prefix
   of ipAddrEntry, an instance, i, of t is named by an OBJECT IDENTIFIER
   of the form n.y, where y is the name of the IP-addressable network
   element about which i represents information.

   For example, suppose one wanted to find the network mask of an entry
   in the IP interface table associated with an IP address of 89.1.1.42.
   Accordingly, ipAdEntNetMask.89.1.1.42 would identify the desired
   instance.