📄 rfc1445.txt
字号:
management information about the SNMPv2 context named "local" held by the agent named gracie by issuing a SNMPv2 GetNext request message. The manager consults its local database of party information. Because the authentication protocol for the party george is recorded as noAuth, the GetNext request message generated by the manager is not authenticated as to origin and integrity. Because, according to the manager's local database of party information, the privacy protocol for the party gracie is noPriv, the GetNext request message is not protected from disclosure. Rather, it is simply assembled, serialized, and transmitted to the transport address (IP address 1.2.3.4, UDP port 161) associated in the manager's local database of party information with the party gracie. When the GetNext request message is received at the agent, the identity of the party to which it is directed (gracie) is Galvin & McCloghrie [Page 24]
RFC 1445 Administrative Model for SNMPv2 April 1993 extracted from the message, and the receiving entity consults its local database of party information. Because the privacy protocol for the party gracie is recorded as noPriv, the received message is assumed not to be protected from disclosure. Similarly, the identity of the originating party (george) is extracted, and the local database of party information is consulted. Because the authentication protocol for the party george is recorded as noAuth, the received message is immediately accepted as authentic. The received message is fully processed only if the agent's local database of access policy information authorizes GetNext request communications by the party george to the agent party gracie with respect to the SNMPv2 context "local". The database of access policy information presented as Table 3 authorizes such communications (as well as Get and GetBulk operations). When the received request is processed, a Response message is generated which references the SNMPv2 context "local" and identifies gracie as the source party and george, the party from which the request originated, as the destination party. Because the authentication protocol for gracie is recorded in the local database of party information as noAuth, the generated Response message is not authenticated as to origin or integrity. Because, according to the local database of party information, the privacy protocol for the party george is noPriv, the response message is not protected from disclosure. The response message is transmitted to the transport address from which the corresponding request originated - without regard for the transport address associated with george in the local database of party information. When the generated response is received by the manager, the identity of the party to which it is directed (george) is extracted from the message, and the manager consults its local database of party information. Because the privacy protocol for the party george is recorded as noPriv, the received response is assumed not to be protected from disclosure. Similarly, the identity of the originating party (gracie) is extracted, and the local database of party information is consulted. Because the authentication protocol for the party gracie is recorded as noAuth, the received response is immediately accepted as authentic. Galvin & McCloghrie [Page 25]
RFC 1445 Administrative Model for SNMPv2 April 1993 The received message is fully processed only if the manager's local database of access policy information authorizes Response communications from the party gracie to the manager party george which reference the SNMPv2 context "local". The database of access policy information presented as Table 3 authorizes such Response messages (as well as SNMPv2-Trap messages). 4.2. Secure Minimal Agent Configuration This section presents an example configuration for a secure, minimal SNMPv2 agent that interacts with a single SNMPv2 management station. Table 4 presents information about SNMPv2 parties that is known both to the minimal agent and to the manager, while Table 5 presents similarly common information about the local access policy. The interaction of manager and agent in this configuration is very similar to that sketched above for the non-secure minimal agent - except that all protocol messages are authenticated as to origin and integrity and protected from disclosure. This example requires encryption in order to support distribution of secret keys via the SNMPv2 itself. A more elaborate example comprising an additional pair of SNMPv2 parties could support the exchange of non-secret information in authenticated messages without incurring the cost of encryption. An actual secure agent configuration may require SNMPv2 parties for which the authentication and privacy protocols are noAuth and noPriv, respectively, in order to support clock synchronization (see [6]). For clarity, these additional parties are not represented in this example. Galvin & McCloghrie [Page 26]
RFC 1445 Administrative Model for SNMPv2 April 1993 Identity ollie stan (agent) (manager) Domain snmpUDPDomain snmpUDPDomain Address 1.2.3.4, 161 1.2.3.5, 2001 Auth Prot v2md5AuthProtocol v2md5AuthProtocol Auth Priv Key "0123456789ABCDEF" "GHIJKL0123456789" Auth Pub Key "" "" Auth Clock 0 0 Auth Lifetime 300 300 Priv Prot desPrivProtocol desPrivProtocol Priv Priv Key "MNOPQR0123456789" "STUVWX0123456789" Priv Pub Key "" "" Table 4: Party Information for Secure Minimal Agent Target Subject Context Privileges ollie stan local 35 (Get, GetNext & GetBulk) stan ollie local 132 (Response & SNMPv2-Trap) Table 5: Access Information for Secure Minimal Agent As represented in Table 4, the example agent party operates at UDP port 161 at IP address 1.2.3.4 using the party identity ollie; the example manager operates at UDP port 2001 at IP address 1.2.3.5 using the identity stan. At minimum, a secure SNMPv2 agent implementation must provide for administrative configuration (and non-volatile storage) of relevant information about two SNMPv2 parties: itself and a remote peer. Both ollie and stan authenticate all messages that they generate by using the SNMPv2 authentication protocol v2md5AuthProtocol and their distinct, private authentication keys. Although these private authentication key values ("0123456789ABCDEF" and "GHIJKL0123456789") are presented here for expository purposes, knowledge of private authentication keys is not normally afforded to human beings and is confined to those portions of the protocol implementation that require it. Galvin & McCloghrie [Page 27]
RFC 1445 Administrative Model for SNMPv2 April 1993 When using the v2md5AuthProtocol, the public authentication key for each SNMPv2 party is never used in authentication and verification of SNMPv2 exchanges. Also, because the v2md5AuthProtocol is symmetric in character, the private authentication key for each party must be known to another SNMPv2 party with which authenticated communication is desired. In contrast, asymmetric (public key) authentication protocols would not depend upon sharing of a private key for their operation. All protocol messages generated for transmission to the party stan are encrypted using the desPrivProtocol privacy protocol and the private key "STUVWX0123456789"; they are decrypted upon reception according to the same protocol and key. Similarly, all messages generated for transmission to the party ollie are encrypted using the desPrivProtocol protocol and private privacy key "MNOPQR0123456789"; they are correspondingly decrypted on reception. As with authentication keys, knowledge of private privacy keys is not normally afforded to human beings and is confined to those portions of the protocol implementation that require it. 4.3. MIB View Configurations This section describes a convention for the definition of MIB views and, using that convention, presents example configurations of MIB views for SNMPv2 contexts that refer to local object resources. A MIB view is defined by a collection of view subtrees (see Section 2.6), and any MIB view may be represented in this way. Because MIB view definitions may, in certain cases, comprise a very large number of view subtrees, a convention for abbreviating MIB view definitions is desirable. The convention adopted in [4] supports abbreviation of MIB view definitions in terms of families of view subtrees that are either included in or excluded from the definition of the relevant MIB view. By this convention, a table locally maintained by each SNMPv2 entity defines the MIB view associated with each SNMPv2 context that refers to local object resources. Each entry in the table represents a family of view subtrees that (according to the type of that entry) is either included in or excluded from the MIB view of some Galvin & McCloghrie [Page 28]
RFC 1445 Administrative Model for SNMPv2 April 1993 SNMPv2 context. Each table entry represents a subtree family as a pairing of an OBJECT IDENTIFIER value (called the family name) together with a bitstring value (called the family mask). The family mask indicates which sub-identifiers of the associated family name are significant to the definition of the represented subtree family. For each possible MIB object instance, that instance belongs to the view subtree family represented by a particular table entry if o the OBJECT IDENTIFIER name of that MIB object instance comprises at least as many sub-identifiers as does the family name for said table entry, and o each sub-identifier in the name of said MIB object instance matches the corresponding sub-identifier of the relevant family name whenever the corresponding bit of the associated family mask is non-zero. The appearance of a MIB object instance in the MIB view for a particular SNMPv2 context is related to the membership of that instance in the subtree families associated with that SNMPv2 context in local table entries: o If a MIB object instance belongs to none of the relevant subtree families, then that instance is not in the MIB view for the relevant SNMPv2 context. o If a MIB object instance belongs to the subtree family represented by exactly one of the relevant table entries, then that instance is included in, or excluded from, the relevant MIB view according to the type of that entry. o If a MIB object instance belongs to the subtree families represented by more than one of the relevant table entries, then that instance is included in, or excluded from, the relevant MIB view according to the type of the single such table entry for which, first, the associated family name comprises the greatest number of sub- identifiers, and, second, the associated family name is lexicographically greatest. The subtree family represented by a table entry for which the associated family mask is all ones corresponds to the single view subtree identified by the family name for that entry. Because the convention of [4] provides for implicit extension Galvin & McCloghrie [Page 29]
RFC 1445 Administrative Model for SNMPv2 April 1993 of family mask values with ones, the subtree family represented by a table entry with a family mask of zero length always corresponds to a single view subtree. Context Type Family Name Family Mask lucy included internet ''H Table 6: View Definition for Minimal Agent Using this convention for abbreviating MIB view definitions, some of the most common definitions of MIB views may be conveniently expressed. For example, Table 6 illustrates the MIB view definitions required for a minimal SNMPv2 entity that having a single SNMPv2 context for which the associated MIB view embraces all instances of all MIB objects defined within the SNMPv2 Network Management Framework. The represented table has a single entry. The SNMPv2 context (lucy) for which that entry defines the MIB view is identified in the first column. The type of that entry (included) signifies that any MIB object instance belonging to the subtree family represented by that entry may appear in the MIB view for the SNMPv2 context lucy. The family name for that entry is internet, and the zero-length family mask value signifies that the relevant subtree family corresponds to the single view subtree rooted at that node. Another example of MIB view definition (see Table 7) is that of a SNMPv2 entity having multiple SNMPv2 contexts with distinct MIB views. The MIB view associated with the SNMPv2 context lucy comprises all instances of all MIB objects ⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -