INTERNET-DRAFT SNMP CONFIGURATION July 2000
M. MacFaden
Riverstone Networks, Inc
J. Saperia
JDS Consulting, Inc
CONFIGURING NETWORKS AND DEVICES WITH SNMP
draft-ietf-snmpconf-bcp-02.txt
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet
Engineering Task Force (IETF), its areas, and its working groups.
Note that other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as "work in
progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2000). All Rights Reserved.
Abstract
This document is intended for vendors building equipment using the
Internet Standard Management Framework as well as for users of such
equipment. General guidelines for configuration are presented from
MacFaden/Saperia January 2000 [Page 1]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
which specific current best practices using the Internet Standard
Management Framework are derived.
NOTE: this work is very much a draft in progress. Reviewer comments,
questions and criticisms welcome on the snmpconf mailing list.
Table of Contents
Copyright Notice .................................................... 1
Abstract ........................................................... 1
1. Introduction ..................................................... 3
2. Document Organization ............................................ 4
3. Background - Practicing Configuration ............................ 4
4. Requirements ..................................................... 5
4.1 Fundamental Tenets of configuration ............................. 5
4.2 Requirements of configuration .................................. 6
4.3 Agent Software Development .................................... 7
4.3.1 Define read-write objects at the "right" level of abstraction.. 7
4.3.2 Separate out configuration sets from activation of configuration
sets ................................................................ 9
4.3.3 Employ summary objects so managers can track overall state of
configuration easily and efficiently ................................ 9
4.3.4 Handle activation latency early in the design of read-write
objects ............................................................ 9
4.3.5 Do not rely on the SNMP to report application layer errors for
SET operations ......................................................12
4.3.6 Do not create read-write objects that overlap in capability or
activate potentially the same instance...............................12
4.3.7 Use common Textual Conventions whenever possible, especially
when defining enumerations ..........................................13
4.3.8 Distinguishing which enumeration's an agent can support should
be done in an Agent Capability MIB or by designing the MIB to indicate
required basic capabilities ........................................ 14
4.3.9 RowStatus objects should return notReady(3) value if one or more
mandatory objects in a given row have not been set ..................14
4.3.10 For objects contained in a table, specify semantics of changing
a value when the row is in active(1) stat e ........................ 15
4.3.11 Extending IETF standard notifications is considered permissible.
15
4.3.13 Octet strings should not be used to aggregate multiple objects.
16
4.3.14 Design in an upper limit on the number of notifications (or
traps) that can be sent in response to a given event ............... 16
4.3.15 Currency with RFC MIB Module Standards 17
MacFaden/Saperia January 2000 [Page 2]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
4.3.16 Do not ship a device with a community string "public" or
"private" .......................................................... 17
4.3.17 The default state of RFC 1215 Authentication traps should be
off ................................................................ 17
4.3.18 Persistence expectations of sets should be well defined ..... 18
4.3.19 If a MIB object contains sensitive information, then specify so
in DESCRIPTION clause the need for encryption ...................... 18
4.3.20 Using OwnerString to represent row ownership can be a useful
diagnostic tool .................................................... 19
4.3.21 Using a TimeStamp in read-create tables to show when it was
activated is a useful diagnostic tool .............................. 19
5.0 Management Software Development ............................... 19
5.1 Protocol Operations ........................................... 20
5.2 SET Operations ................................................ 20
5.3 Configuration Transactions .................................... 21
5.4 Notifications ................................................. 21
5.5 Scale of the Management Software .............................. 22
5.6 Rate and Volume of Changes to Device .......................... 22
5.7 Handling Multiple Managers .................................... 22
5.8 Diagnostics and Configuration ................................. 23
6.0 Policy Based Management ........................................ 23
6.1 Introduction and Definition of Terms ........................... 23
6.2 Information Related to Policy Configuration .................... 25
6.3 Policy, Mechanism/Implementation and Instance Specific Modules
26
6.4 Schedule and Time Issues ....................................... 26
6.5 Conflict Detection, Resolution and Error Reporting ............. 27
6.6 Policy Precedence and Grouping ................................. 28
6.7 Changes to configuration outside of the policy system .......... 28
6.6 Use of Contexts ................................................ 28
6.8 Policy distribution applications ............................... 28
6.9 Notifications in a Policy System ............................... 28
7.0 Glossary ....................................................... 29
8.0 Example MIB .................................................... 29
9.0 References ..................................................... 37
10.0 Editors' Addresses ............................................ 39
11.0 Full Copyright Statement ...................................... 40
1. Introduction
Data networks have grown greatly in size and complexity over the
past decade. Configuration, also called provisioning of network
elements, has grown correspondingly more complex in a number of
aspects:
Scale - data networks consist of more devices than ever before.
Functionality - network devices increasingly perform more functions.
MacFaden/Saperia January 2000 [Page 3]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Convergence - more protocols and network layers are involved than
ever before.
The SNMP framework continues to be used successfully to develop
configuration management systems for a broad range of devices. This
document describes Best Current Practices that should be used when
designing an effective SNMP-based element management system.
In addition to element management, the SNMP can be used to configure
groups of devices on a more abstract layer. Recently a great deal of
attention has been placed on policy based configuration management.
This document also includes recommendations for policy based
configuration. This document defines "Policy based configuration
management" as a set of configuration operations distributed to
potentially many network elements with the goal of achieving
consistent network behavior throughout a given autonomous system
[21].
This document draws on experience provisioning public and private
data networks over the past ten years. Over that same time-period,
significant experience has been gained in the development and
deployment of SNMP based management software, some of which also
performs configuration functions.
2. Document Organization
The background section describes how experienced operations staff
generally practices configuration of TCP/IP networks.
The first through fourht section on requirements enumerates the
goals and fundamental assumptions of configuration. Section 2 and 3
describe agent and management best current practices using the
Internet standard SNMP framework. Section 6 describes relationship
of Policy Management to SNMP framework. Section 8 presents a sample
MIB from which many examples are based.
3. Background - Practicing Configuration
The purpose of this section is to provide a sample configuration
sequence for evaluating many of the requirements in further sections
of this BCP.
Data network devices are configured using many mechanisms, however
two methods remain the most common: SNMP and Command
Line Interface (CLI).
MacFaden/Saperia January 2000 [Page 4]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Layered on top of these mechanisms are operational methods for
deploying changes to networks in a cautious and incremental manner.
Experienced Network Operations staff makes changes to network
configurations and firmware with careful planning and well
documented procedures. Here is one model in detail:
A. Pass one: LAB tryout to verify reliability and interoperability
with prior versions of system code.
B. Pass two: select an edge of network during non-critical/off hours
to effect the change and plan for fall back should changes fail.
C. Apply change first via CLI to memory and watch device/network
carefully over some time period
D. After some time, write changes to persistent storage
E. Expand changes to a few more like devices
F. Keep mixed versions to prevent total loss of network
G. Watch for new unknown defaults
H. Watch for unknown side effects of changes
I. Update configurations in revision control system
Often, a diagnostic mode is present to deal with specific
implementation issues above and beyond the standard set of
instrumentation.
4. Requirements
This section describes basic realities affecting a configuration
management system from which specific requirements will be derived.
4.1 Fundamental Tenets of configuration
A "mere mortal" trained in the operation of a given technology
SHOULD be able to understand a device's state or some logical view
of that state. The configuration mechanism must not be more complex
than what is generally being configured so as to obscure what is
being configured.
Operators MUST have the ability to validate proper operation of a
device before and after configuration changes regardless of latency.
Put another way, the operator should have an integrated view of
configuration, status, and diagnostic information. Ideally there are
a series of tests the operator runs before and after a change is
MacFaden/Saperia January 2000 [Page 5]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
made to an operational network to ensure service remains intact. A
configuration subsystem should provide tools to facilitate such
tests. For example, when configuring a DNS system, the tool nslookup
is often used with a script to verify key database entries are
present and return the expected values.
Configuration can affect network stability and network stability can
affect configuration procedures. Achieving convergence (stability)
in an autonomous system is not an absolute given when configuration
changes are made. For example, if changes are made to
ospfIfHelloInterval and ospfIfRtrDeadInterval [22] timers in the
OSPF routing protocol such that both are set to the same value, two
routers may form an adjacency but then begin to cycle: lose
adjacency, form adjacency and so on never reach a converged (stable)
state.
Systems under configuration should be able to cope with unexpected
loss of control due to lost communications. Any modern configuration
protocol or process should be able to cope with a connectivity loss
between manager and managed device. Network elements must take
appropriate measures to leave the configuration in a
consistent/recognizable state by either rolling back to a previously
valid state or changing to a default state.
Here then are requirements for a modern configuration protocol.
4.2 Requirements of configuration
Diagnostic routines should be provided to verify proper operation of
complex protocols. Debugging is an integral part of the
configuration process. Subsystems should provide self-tests that
verify internal state as well as tests to verify external states.
Inclusion of debug/diagnostic tests that are exposed through a MIB
interface improve the chance configuration errors can be identified
and localized. The sequence test, set, test then becomes a normal
method if change control in a production environment.
Impact on convergence of an existing network should be specified in
the configuration MIB interface. For example, any configuration
change that causes loss of convergence should be noted in a
description clause. Should an implementation fail to meet the
convergence properties for a given object, notes can be made in an
agent-capabilities MIB variations clause. A similar requirement is
stated in "Requirements for IP Version 4 Routers" [20], section
1.3.4:
A vendor needs to provide adequate documentation on all
configuration parameters, their limits and effects.
MacFaden/Saperia January 2000 [Page 6]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Any modern configuration protocol or process must be mindful of
connectivity loss between manager and managed device and take
appropriate measures to leave the network device or devices in a
consistent/recognizable state.
4.3. Agent Software Development
This chapter will enumerate a number of best current practices by
drawing upon a fictional MIB called ACME-HOUSECTRL-MIB. This MIB can
control familiar facilities found in a modern home and is defined in
Section 8.0 along with a sample agent capabilities definition. Along
the way, the BCP also reviews key capabilities in the SNMP such as
transactions, security, and error handling in the context of
configuration.
4.3.1 Define read-write objects at the "right" level of abstraction.
Metrics that can be employed during MIB design include number of
objects needed to configure a given system, the relations among
objects in the system, and the frequency at which they change state.
If a MIB used for configuration contains "too many" objects to
provision a given facility, then it is likely an abstraction
problem. If there are overlapping objects with similar capabilities,
then the abstraction may be to blame as well (See BCP6).
For example, consider the configuration request to turn on all
lights in a house. There may be tens of light circuits in a given
single family home. The MIB Designer might be tempted to create a
table with an instance for each lighting group controlled by one
more switches and have an object to turn that light group on/off.
Yet it considering the request, this would force the application
developer to issue sets with tens of objects. The MIB Designer might
solve this in at least two ways. First, specify an enumeration with
specific operations:
acmeGlobalHouseOperations OBJECT-TYPE
SYNTAX INTEGER {
turnOffAllLights (1),
turnOnAllLights(2)
dimAllLights(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
MacFaden/Saperia January 2000 [Page 7]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
"Actions to apply to all Lights in a house."
::= { acmeLightGlobals 2 }
The ease of adding such an object though has he drawback that the
relations to other read-create tables for which individual lights
suddenly become more complicated. What should happens to read-write
objects when all lights are turned using the above object is not
clearly spelled out. Exception cases then are created and an
application would have to poll all objects correctly to obtain the
current state of lights.
The second approach is to make the general command more powerful.
acmeLightGlobalHouseAction OBJECT-TYPE
SYNTAX INTEGER {
turnOn(1),
turnOff(2),
dim(3)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"Actions to apply to the lights enumerated in
acmeLightGlobalHouseArgument."
::= { acmeLightEntry 2 }
acmeLightGlobalHouseArgument OBJECT-TYPE
SYNTAX OCTET STRING
ACCESS read-write
STATUS mandatory
DESCRIPTION
"A bitwise encoding of indexes into the
light Table for which a given Action
will be applied to."
::= { acmeLightEntry 3 }
This solution makes interpreting what the original request was much
easier, but not what the current state of all the light-groups
currently are. If a history is needed of what commands were sent,
this table can record this aspect as well.
DISCUSION NOTE: Retrieving a consistent configuration remains
problematic from most SNMP agents that implement a wide range of
MIBs. There is no generic way to retrieve a configuration with out
a-priori knowing what objects to get. A solution that records every
object using the powerful getnext operator does not scale.
MacFaden/Saperia January 2000 [Page 8]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
4.3.2 Separate out configuration sets from activation of configuration
sets.
(ospfAdminStat, schedAdminStatus)
Any complex configuration should have a master on/off switch as well
as strategically placed on/off switches to control the employment of
configuration data. These controls play a pivotal role during the
configuration process as well as during diagnostics. Generally a
series of set operations should not cause an agent to act on each
object causing convergence/stability to be lost on each and every
set. Ideally a series of Set PDUs would install the configuration
and a final set series of PDUs would activate the changes.
During diagnostic situations, certain on/off switches can be set to
localize the perceived error instead of having to remove the
configuration.
DISCUSSION NOTE: ifAdminStatus effects on ifOperStatus, helps in one
case where one doesn't poll ifAdminStatus along with ifOperStatus,
but hurts in another as in trying to know if the link would be up
operationally without actually setting ifAdminStatus to up(1).
A master on/off switch for a given subsystem SHOULD be provided.
Often, these switches are useful for diagnostics such as to help
locate which subsystem is unstable as well as for a common
configuration sequence where a feature is taken off-line,
reconfigured then put back online.
Lastly, one should not overload RowStatus objects to control
activation/deactivation of a configuration. While RowStatus looks
ideally suited for such a purpose since a management application can
set a row to active(1), then set it to notInService(2) to disable it
then make it active(1) again, there is no guarantee that the agent
won't discard the row while it is in the notInService state.
For an example see RFC 2591 schedAdminStatus.
4.3.3 Employ summary objects so managers can track overall state of
configuration easily and efficiently.
It is generally important to track changes to a device and to sync
the changes with some specific configuration repository.
Creating summary status objects "dummy lights" to provide simple and
quick means to determine overall configuration-state of a subsystem.
MacFaden/Saperia January 2000 [Page 9]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
For example, checksums or configuration version ids could also be
computed over a configuration so that an application can reasonably
identify an entire configuration instead of having to poll many
"LastChange" objects or have to use TimeFilter style indexing to
achieve highly efficient polling of large tables.
The ACME-HOUSECTL-MIB contains the following definitions:
AcmeCfgVersion ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A value that starts at 0 and increases monotonically
until the max value is reached at which point the value
returns to 0."
SYNTAX Gauge32
acmeSysActiveConfigId OBJECT-TYPE
SYNTAX AcmeCfgVersion
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Current value of configuration information. This value
remains persistent across reboots and increases when
configuration changes are made to any object in this MIB."
::= { acmeHouseGlobals 3 }
If configuration changes are very frequent in the order of seconds
then the abstraction for configuration is probably wrong, see BCP1.
If polling would not scale, consider using Notifications for
reporting the old and new checksum objects.
Notifications should most always report objects that are readily
accessible to a manager station via polling.
4.3.4 Handle activation latency early in the design of read-write
objects.
(doscsIfDownChannelFrequency)
Many MIBs both standard and enterprise often make the mistake of
assuming an agent can activate a set operation as fast as it takes
the agent to reply to the manager for a given set PDU. When there is
anticipated latency in activating the results of a set operation a
MIB designer SHOULD either:
Define state machine to support the intermediate states
Separate out read state of the object from read-write state of the
object.
MacFaden/Saperia January 2000 [Page 10]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
For example, if the ACME-HOUSE-MIB had implemented the garage door
with a single object as follows:
acmePortGarageDoor OBJECT-TYPE
SYNTAX INTEGER { unknown(0), closed(1), open(2)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The current state of the garage door.
Most garage doors open completely within 12 seconds."
::= { acmePortGarageEntry 2 }
Manger Time 0
GetPDU acmePortGarageDoor.1.1
Agent Time 1
ResponsePDU error-index 0 error-code 0
acmePortGarageDoor.1.1 = open(2)
Manger Time 2
SetPDU acmePortGarageDoor.1.1 = closed(1)
Agent Time 3
ResponsePDU error-index 0 error-code 0
acmePortGarageDoor.1.1 = closed(1)
Manger Time 4
GetPDU acmePortGarageDoor.1.1
Agent Time 5
ResponsePDU error-index 0 error-code 0
acmePortGarageDoor.1.1 = open(2)
Manger Time 5+N (some seconds later...)
GetPDU acmePortGarageDoor.1.1
Agent Time N+4
ResponsePDU error-index 0 error-code 0
acmePortGarageDoor.1.1 = closed(1)
But the Manager expected the value of closed(1) since it had just
set that value! Repeated polling of the object will eventually
return the state value of closed(1) assuming nothing prevented the
door from returning to the open state.
Another variation on latency is the granularity of counter updates.
Mangers some devices can't update counters as fast as it may be
polled. One SHOULD indicate in the agent capability MIB for the
device what the minimum polling interval is.
MacFaden/Saperia January 2000 [Page 11]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
4.3.5 Do not rely on the SNMP to report application layer errors for
SET operations.
MIB Design for configuration SHOULD use objects to track application
level state. Management applications to date do not handle errors
gracefully from the SNMP. When designing a MIB for configuration, do
not rely on the SNMP error command set for application level state.
Even if the SNMP will catch a "badValue" error, the application
should report additional application level error-state that an
application can obtain from an agent and decode.
Failure to provide detailed diagnostic information leads to
management applications that end up reporting insufficient error
information.
acmeSysDeviceLastErr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A description of the last error that occurred in this MIB
due to configuration errors or status error presentable to
user interface."
::= { acmeHouseGlobals 7 }
4.3.6 Do not create read-write objects that overlap in capability or
activate potentially the same instance.
(dot1dStpPortEnable)
One SHOULD NOT duplicate configuration objects across MIBs.
While it may appear as a convenience, such as providing different
indexing schemes, the side effects may not be easily discernible.
For example, in the ACME-HOUSECTL-MIB, a designer might have
designed the following two objects at different times:
acmeWaterHeaterPilot OBJECT-TYPE
SYNTAX INTEGER {
off(1),
on(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
MacFaden/Saperia January 2000 [Page 12]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
"The current state of the pilot light."
::= { acmeWaterHeaderEntry 4 }
in one table indexed by instances of water heaters in a house and
then in another section of another MIB that adds a third state.
-- The state of all gas pilots
acmeGasPilotsStatus OBJECT-TYPE
SYNTAX INTEGER {
enabled(1), -- ready to pass gas
disabled(2),
primed(3) -- in some prime mode
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Gas Pilots have three states, initial state is disabled, then
primed which properly heats thermocouple and activates safety
valves, then enabled."
::= { acmeGasPilotsEntry 7 }
If a port is set to primed(3) via the acmeGasPilotsStatus what
should be reported in reported in acmeWaterHeaterPilot for the same
instance?
Fate sharing of the indexing should also be specified if possible
using SMI constructs such as AUGMENTS. If the relationship between
tables can not be defined using SMIv2 macros, then the DESCRIPTION
clause should define what should happen.
4.3.7 Use common Textual Conventions whenever possible, especially
when defining enumerations.
Textual conventions that have even the slightest chance of being
reused in other MIBs SHOULD also be defined in a separate MIB to
facilitate sharing of such objects.
For example, the state of an object can often be described using a
TruthValue textual convention instead of inventing yet another
Boolean condition.
acmePatioLights OBJECT-TYPE
SYNTAX INTEGER {
on(1),
off(2),
}
MAX-ACCESS read-write
MacFaden/Saperia January 2000 [Page 13]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
STATUS current
DESCRIPTION
"Current status of outdoor lighting."
::= { acmeOutDoorElectricalEntry 3 }
Would better expressed as follows:
AcmePatioLightsEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Current status of outdoor lighting."
::= { acmeOutDoorElectricalEntry 3 }
4.3.8 Distinguishing which enumeration's an agent can support should
be done in an Agent Capability MIB or by designing the MIB to indicate
required basic capabilities.
(dot1dDeviceCapabilities)
In some cases, the use of capability bits can alleviate this as
defined in RFC 2674 dot1dDeviceCapabilities can define some preset
levels of capability.
Example: can one subset a RowStatus implementation by just doing
createAndGo instead of createAndWait and still call it RowStatus?
When implementing a MIB object with the syntax of RowStatus, failure
to implement the entire state machine MUST not be done. There is no
VARIANT clause that allows one to implement only createAndGo and
destroy and any such implementation is NOT compliant with the SMI.
4.3.9 RowStatus objects should return notReady(3) value if one or more
mandatory objects in a given row have not been set.
When designing read-create objects in a table containing a RowStatus
object, first consider the default state of each object in the table
when a row is created via one simple createAndWait(5) PDU. If no
default state is applicable but the object must be set to some
value, the DESCRIPTION clause should specify this object as
mandatory. In addtion, an snmp get of such an object then should
return noSuchName if the object has not yet been set. The RowStatus
object should return notReady until all mandatory objects have been
specified.
MacFaden/Saperia January 2000 [Page 14]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Should a given implementation require more objects to be set than
what is specified in a MIB, an Agent capabilities MIB can be used to
define the additional objects using the CREATION-REQUIRES clause.
Not implementing the above may result in a manager being mislead
that a transition to active(1) state will succeed without further
action by only polling the rowStatus object and receiving the
notInService(2) value from an agent.
4.3.10 For objects contained in a table, specify semantics of changing
a value when the row is in active(1) state.
It is an advantage for an agent developer to know when an object can
and can not change value. Some operations may require an extended
period of time to run with a given set of parameters. To change
those parameters in mid step would necessitate the restarting of the
whole operation.
4.3.11 Extending IETF standard notifications is considered permissible.
Vendor extensions to existing standard notifications are not
explicitly disallowed or allowed in SMIv2. For example, linkUp and
linkDown traps are defined as follows in IF-MIB, rfc 2233.
linkDown NOTIFICATION-TYPE
OBJECTS { ifIndex, ifAdminStatus, ifOperStatus }
STATUS current
DESCRIPTION
"A linkDown trap signifies that the SNMPv2 entity,
acting in an agent role, has detected that the
ifOperStatus object for one of its communication
links is about to enter the down state from some
other state (but not from the notPresent state).
This other state is indicated by the included
value of ifOperStatus."
::= { snmpTraps 3 }
An implementation MAY add additional varbind objects to standard
notifications. However, an implementation SHOULD make any extensions
be not enabled by default and when enabled. An implementation SHOULD
append to the varbind list any extensions.
4.3.12 Do not use OCTET STRINGS to transport data that differs by
memory architecture or implementation.
MacFaden/Saperia January 2000 [Page 15]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
(PortList)
A MIB designer SHOULD NOT use octet strings to transport data that
differs by memory architecture or implementation. Only a well-
specified generic model should be used such as the above example.
4.3.13 Octet strings should not be used to aggregate multiple objects.
Separate objects should be specified in separate MIB objects.
Octet string is by definition limited to 256 bytes. If the object
being modeled is larger than this size, one should abstract the
information or reorganize the data to fit within this size boundary
which helps keep configuration working in the face of abnormally
behaving networks.
4.3.14 Design in an upper limit on the number of notifications (or
traps) that can be sent in response to a given event.
The more frequent the event which causes the notification to be
sent, the greater the need for internal aggregation or throttling in
the agent.
There can be cases where it is not useful to send notifications for
a given notification such as in frDLCIStatusChange defined in RFC
2115. In this case when interfaces are taken down administratively,
no frDLCIStatusChange will be sent.
At other times, rate limiting notifications sent should be
considered as in frTrapMaxRate.
acmeHouseCtlDeviceLost NOTIFICATION-TYPE
OBJECTS { acmeHouseInvenDevice, acmeHouseInvenKey,
acmeHouseInvenAdminStatus,
acmeHouseInvenOperStatus}
STATUS current
DESCRIPTION
"This notification is generated whenever
the invocation of a scheduled action fails.
If there is a failure of many devices
such that sending single notifications would be
resource and time prohibitive,
send the acmeHouseCtrlManyDevicesLost
notification."
MacFaden/Saperia January 2000 [Page 16]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
::= { acmeHouseCtlGlobalErrs 1 }
acmeHouseCtlManyDevicesLost NOTIFICATION-TYPE
OBJECTS { acmeSysDevicesLastFailed, acmeSysDeviceErrors }
STATUS current
DESCRIPTION
"This notification is generated whenever
the invocation of a
scheduled action fails. If there is a failure
of many devices such that sending single
notifications would be resource and time
prohibitive, send acmeHouseCtrlManyDevicesLost
notification."
::= { acmeHouseCtlGlobalErrs 2 }
4.3.15 Currency with RFC MIB Module Standards
Vendors SHOULD make every attempt to keep their implementations
current with the standards versions of MIB Modules. In particular,
agents and management software SHOULD follow the current STATUS of
MIB objects.
4.3.16 Do not ship a device with a community string "public" or
"private."
Agents should not define default community strings except where to
bootstrap devices that do not have secondary management interfaces.
These lead to security issues.
A managed device SHOULD support read only as well as read-write
community strings.
4.3.17 The default state of RFC 1215 Authentication traps should be
off.
In the "Notifications" section earlier, the issue of throttling
traps was raised. For SNMPv1 agents, any unsolicited packet to a
device that causes one ore more trap packets to be created and sent
to management stations in response. If these traps flow on links
that are shared, the community string from the trap may be used to
gain access to the device.
MacFaden/Saperia January 2000 [Page 17]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
4.3.18 Persistence expectations of sets should be well defined.
Explicit persistence of set requests has generally been assumed in
SNMP sets. New textual conventions such as StorageType allow for
alternative configuration models.
A MIB designer SHOULD make explicit indications as to how
implementers can make visible the level of persistence any read
write object can and should have.
For example, RFC 2591 defines the object schedStorageType of syntax
StorageType. New mibs SHOULD either define in
DESCRIPTION macros how a table should exist or use this type
to allow for varied persistence.
For instance: RFC 2674 also defines explicitly the persistence
as follows:
dot1qVlanStaticTable OBJECT-TYPE
SYNTAX SEQUENCE OF Dot1qVlanStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing static configuration information for
each VLAN configured into the device by (local or network)
management. All entries are permanent and will be restored after
the device is reset."
::= { dot1qVlan 3 }
Best current practice in network elements is a dual persistence
model where: 1) a volatile memory configuration can be
retrieved/updated and 2) persistent boot configuration.
Single persistence systems suffer the ability to rollback changes
that cause lost connectivity and hence are not often found in
backbone wide area networks operated over remote connections.
4.3.19 If a MIB object contains sensitive information, then specify so
in DESCRIPTION clause the need for encryption.
(Bert)
There are MIB objects that may contain keys, passwords and other
such sensitive information and hence must be protected from
unauthorized access.
MacFaden/Saperia January 2000 [Page 18]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
A DESCRIPTION clause and for IETF MIB RFCS, the Security
Considerations section should make it clear how and why these
specific objects are sensitive and that a user should only make them
accessible for encrypted SNMP access.
If an implementation does not support DES, then the customer should
not allow access to these objects, which is easy to specify in VACM.
When writing standards track MIBs, one must operate on the basis of
the "must implement" properties are of the various standards-track
specifications.
Confidentiality is not a must-implement portion of the SNMPv3
specification.
4.3.20 Using OwnerString to represent row ownership can be a useful
diagnostic tool.
Practice has shown that the use of the string "monitor" to identify
configuration set by an agent/local management has been useful.
4.3.21 Using a TimeStamp in read-create tables to show when it was
activated is a useful diagnostic tool.
(ipCidrRouteAge, docsIfCmtsServiceCreateTime)
When tracking down errors in configuration sequences, having a
TimeStamp object in a row can help order sort out the order of
configuration without having to revert to write trace and protocol
decoders.
5.0 Management Software Development
This section focuses on general issues related to the development of
SNMP based applications that configure one or more network elements.
Special considerations for what has come to be known as policy-based
management with SNMP are discussed in the following section.
Effective software for the configuration of one or many network
elements requires some up front design work before starting
implementation. This is true regardless of the technology used to
represent and transfer the configuration information. For SNMP-based
configuration applications, here are some of the design parameters
that should be investigated before starting implementation.
MacFaden/Saperia January 2000 [Page 19]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
1. SNMP protocol operations
2. Scale of the Management
Software
3. Security considerations
4. Network topologies
5. Synchronization of management software and device views
6. Data storage and coexistence with other management applications
7. Device capabilities and differences
8. Persistence of configuration information
9. Multiple management systems
10. Support for diagnostic activities
5.1 Protocol Operations
There are three basic areas to evaluate relevant to SNMP protocol
operations and configuration: _ Set and configuration activation
operations _ Notifications from the device _ Data retrieval and
collection The design of the system should not assume that the
objects in a device that represent configuration data will remain
unchanged over time.
As standard MIB modules evolve and vendors add private extensions,
the specific configuration parameters for a given operation are
likely to change over time. Even in the case of a configuration
application that is designed for a single vendor, the designer
SHOULD allow for variability in the MIB objects that will be used to
configure the device for a particular purpose. The best method to
accomplish this is by separating as much as possible the operational
semantics of a configuration operation from the actual data. One way
that some applications achieve this is by having the specific
configuration objects that are associated with a particular device
be table driven rather than hard coded. Management software SHOULD
verify the support in the devices it is intended to manage and
report any unexpected deviations to the operator. This approach is
particularly valuable when developing applications that are intended
to support equipment or software from multiple vendors.
5.2 SET Operations
Management software SHOULD adapt its SET operations to the type of
device and specific MIB objects included in the SET PDU.
Specifically, it SHOULD attempt to move the configuration
information as efficiently to the managed device as possible. There
are many ways to achieve efficiency and some are specific to
devices. One general case example that all management software
SHOULD employ is to reduce to the smallest reasonable number, the
MacFaden/Saperia January 2000 [Page 20]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
number of SET PDU exchanges between the managed device and the
management software. One approach to this is to verify the largest
number of variable bindings that can fit into a SET PDU for a
managed device. In some cases, the number of variable bindings to be
sent in a particular PDU will be influenced by the device, the
specific MIB objects and other factors.
5.3 Configuration Transactions
There are several types of configuration transactions that can be
supported by SNMP-based configuration applications. They include
transactions on a single table, transactions across several tables
in a managed device and transactions across many devices. The
managers ability to support these different transactions is partly
dependent on the design of the MIB objects within the scope of the
configuration operation.
Management software that conforms with the BCP MUST be aware
of the information in the MIB Modules that it is to configure so
that it can effectively utilize row status objects for the control
of transactions on one or more tables. Such software MUST also be
aware of control tables that the device supports that are used to
control the status of one or more other tables.
To the greatest extent possible, the management application
SHOULD provide the facility to support transactions across multiple
devices. This means that if a configuration operation is desired
across multiple devices, the manager can coordinate these
configuration operations such that they become active as close to
simultaneously as possible.
5.4 Notifications
As described in the section on Agent Software Development, agents
SHOULD provide the capability for notifications to be sent to their
configured management systems whenever a configuration operation is
atttempted or completed. See that section for details on the control
of such notifications. The management application MUST be prepared
to accept these notifications so that it knows the current
configured state of the devices it has been deployed to control.
Some configuration management applications may consume data from the
managed devices that reflects configuration, operational and
utilization state information. The GetBulkRequest-PDU MUST be used
MacFaden/Saperia January 2000 [Page 21]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
whenever supported by the managed device. For the purposes of
backward compatibility, the management station SHOULD also support
the GetNextRequest-PDU. Management systems SHOULD also provide
configuration options with defaults for users that tend to retrieve
the smallest amount of data to achieve the particular goal of the
application.
5.5 Scale of the Management Software
Efficient data retrieval described above is only part of the
dimension of scale that application developers should consider when
developing configuration applications.
Deploying configuration software requires proper thought on how
configuration to a network will be done. There are basic
connectivity issues as well as security issues.
This section should include BCP for these if possible or dropped
upon further discussion.
5.6. Rate and Volume of Changes to Device
Describe different models from store and forward to real time
changes and how this relates to the volume of changes needed to
effect a feature change.
5.7. Handling Multiple Managers
Devices are often modified by multiple management entities.
These management entities may be in the same organization or may be
in different organizations interior or exterior to a given
autonomous system.
There are many aspects to view this model from. First is
coordinating the changes between two or more management applications
issuing SET protocol operations. Race conditions should be easily
detectable when two entities provision exactly the same object or
within a transaction a group of objects.
Second, A device SHOULD be able to report configuration as set by
different entities as well as distinguish configuration defined
MacFaden/Saperia January 2000 [Page 22]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
locally such as a default or locally specified configuration made
through an alternate management interfaces like command line
interface.
The SMIv2 defines the Textual convention TestAndIncr often called a
SpinLock to solve race conditions. As with most of the SNMP
framework, much flexibility is left to the implementers to "do the
right thing."
Unless a MIB explicitly defines the use mandatory use of
synchronization primitives, an agent MUST not enforce their
use. An object of syntax TestAndIncr SHOULD be well defined as to
what it is being covered. However the use of a general all
encompassing lock can be used such as RFC 1907 snmpSetSerialNo
object.
An application SHOULD use this object if there is no specific
TestAndIncr object.
5.8 Diagnostics and Configuration
This section describes in detail the kinds of diagnostics needed to
help support proper provisioning models.
6.0 Policy Based Management
Since policy based management with SNMP is a relatively new concept,
this section does not document established practice with regard to
policy-enabled SNMP management systems. It gives some background and
defines terms that are relevant to this field and describes
recommended deployment approaches.
Issues that one should consider when deploying an SNMP-enabled
policy management system are also discussed.
6.1 Introduction and Definition of Terms
A primary goal of policy based management is to represent
configuration information at higher levels of abstraction to make it
easier for some operators to configure elements without knowing the
details of each device.
MacFaden/Saperia January 2000 [Page 23]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Part of the function of the management station software and software
the executes inside the network elements is to transform these
different levels of abstractness into a form the equipment can use.
The following are some terms that refer to the different levels of
abstraction.
Domain-Specific. A domain is a general area of technology such as
service quality or security. Services, or service level agreements,
may span several domains, each of them potentially including many
policies. As a general rule, people will not discuss these domains
in the abstract. They will most often be discussed with technology
or application-specific examples. Examples of technical domains
include, IPSec and Differentiated Services. When expressed in terms
specific to a particular domain, a policy is said to be at the
Domain Specific level of detail.
Mechanism-Specific. Mechanisms are technologies used within a
particular domain. For example, in the differentiated services
domain, RED (Random Early Detection) or WRED (Weighted Random Early
Detection) might be used as one of the mechanisms that devices
employ to support differentiated services and the applications on
which they rely. Policy descriptions that include the details
associated with a particular mechanism, are said to be mechanism-
specific.
Implementation-Specific. Implementation-specific details are those
parameters that a particular vendor might use in an implementation
that augment a standard set of mechanism-specific parameters.
Vendors often add special capabilities to basic mechanisms as a way
of meeting special customer requirements or differentiating
themselves from their competitors.
These special capabilities are often a result of the implementation
approach that a vendor has used for the product, thus the term,
implementation-specific. For example, if a router vendor implemented
a particular routing protocol, they would have the mechanism-
specific parameters that control the behavior of that software. The
vendor might have chosen to run several instances of that routing
protocol, perhaps on different processors, for performance reasons.
The parameters that are used to control the distribution of work on
the different processors for that protocol would be implementation-
specific.
Instance-Specific. Network operators are most familiar and
comfortable with information of this type. Instance-specific
information refers to parameter values that have been associated
with a specific instance in a managed element. For example, The
Border Gateway Protocol is a routing protocol that has a number of
parameters that describe information about a particular router1s
view of other routers that it is sharing information with, peer
MacFaden/Saperia January 2000 [Page 24]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
routers. One such parameter defined in the BGP MIB Module [BGP MIB]
is the desired connection retry interval for a peer,
bgpPeerConnectRetryInterval. An example value would be 120
(seconds). When expressed with this level of specificity, one would
say that this is mechanism-specific data. If we were to see a value
of bgpPeerConnectRetryInterval.10.0.0.1 = 120 we would be looking at
the retry interval of the peer router found at IP address 10.0.0.1.
The value for this instance is 120 seconds, instance-specific data.
6.2 Information Related to Policy Configuration
In order for effective policy management to take place, a range of
information about the network elements is needed to avoid making
poor policy decisions. An effective policy management system will
include the following information about each network element before
sending policies for execution:
The operational state of network elements that are to be configured.
In particular, care should be taken to determine if the sub
components to be configured are available for use. In some cases the
elements may not be available. The policy configuration software
should determine if this is a prerequisite to policy download or if
the condition is acceptable. In those cases where policy is
distributed when the sub component such as an interface or disk is
not available, the managed system should send a notification to the
designated management station when the policy is to become active if
the resource is still not available.
The capabilities of the devices in the network. A capability can be
almost any unit of work a network element can perform. These
include, routing protocols supported, Web Server and OS versions,
queuing mechanisms supported on each interface that can be used to
support different qualities of service, and many others. this
information can be obtained from the capabilities table of the
Policy MIB Module.
The capacity of the devices to perform the desired work. Capability
is an ability to perform the desired work while a capacity is a
measure of how much of that capability the system has. The policy
configuration application should wherever possible, evaluate the
capacity of the network element to perform the work identified by
the policy. In some systems it will not be possible to directly
obtain the capacity of the managed elements to perform the desired
work, even though it may be possible to monitor the amount of work
the element performs. In these cases, the management application may
MacFaden/Saperia January 2000 [Page 25]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
benefit from pre-configured information about the capacity of
different network elements so that evaluations of the resources
available can be made before distributing new policies.
Utilization refers to how much capacity for a particular capability
has been consumed. For devices that have been under policy
configuration control for any period of time, a certain percentage
of the available capacity of the managed elements will be used.
Policies should not be distributed to systems that do not have the
resources to carry out the policy for a reasonable period of time.
6.3 Policy, Mechanism/Implementation and Instance Specific Modules
A conformant system could implement the policy module without any
mechanism or implementation-specific modules though it is thought
that will not be a likely scenario. For complicated configuration
areas such as Differentiated Services, Web servers, routing
protocols, etc., mechanism and frequently implementation-specific
MIB Modules will be required.
If a vendor implements a standard set of instance-specific MIB
objects and an RFC has not yet been defined for a mechanism-specific
set of objects to control the policy based configuration of these
instance-specific objects, the vendor should create such a module
allowing for the fact that an RFC might be issued later for the
mechanism-specific module. To the extent a vendor creates instance-
specific extensions to standard instance-specific MIB Modules, they
should also create implementation-specific MIB Modules if they
intent the box to be configured with policy-based management.
Many vendors create proprietary functions and the instrumentation to
manage them. To enable these features to be integrated into an SNMP-
based policy management system, both instance and implementation-
specific MIB objects should be created.
6.4 Schedule and Time Issues
In large networks it may be necessary to coordinate the application
of policies across time zones. Wherever possible, the network
elements should support time information that includes local time
zone information. Some deployed systems do not store complex notions
of local time and thus may not be able to properly process policy
MacFaden/Saperia January 2000 [Page 26]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
directives that contain time zone relevant data. For this reason,
policy management applications should have the ability to ascertain
the time keeping abilities of the managed system and make
adjustments to the policy for those systems that are time-zone
challenged.
6.5 Conflict Detection, Resolution and Error Reporting
Sophisticated conflict detection and resolution is not realistically
achievable in the short-term. Using a hierarchical approach to this
problem can achieve significant benefits. Each 'layer' policy
management system should be able to check for some errors and report
them. The responsibilities for each layer are:
Instance-specific. Conflict detection has been performed in a
limited way for some time in software that realizes instance-
specific MIB objects. This detection is independent of policy
however. They types of 'conflicts' that are usually processed
related are to resource availability and validity of the set
operations. In a policy enabled system, there are not additional
requirements for this software assuming that good error detection
and reporting appropriate to this level had already been
implemented.
Mechanism and implementation-specific. For software that realizes
mechanism and/or implementation-specific objects, failures should be
reported such that the specific policy that has been impacted can be
related with the specific element that failed. Beyond this basic
reporting which is does not perform any policy conflict detection,
there are not requirements.
Mechanism and implementation-independent. The software that
implements the mechanism and implementation-independent function
will most often be a realization of the policy module. This software
does assume some limited role in conflict detection. Specifically
this software should verify that no two policies with the same
precedence are allowed on the system. The policy system should also
report events where one policy overrides another or when an element
under policy control has been modified outside the policy system as
would be the case of CLI modifications to elements under policy
control.
MacFaden/Saperia January 2000 [Page 27]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
6.6 Policy Precedence and Grouping
6.7 Changes to configuration outside of the policy system
A goal of SNMP-based policy management is to coexist with other
forms what have historically been instance based management. The
best example is command line interface. Here are some guidelines for
handling these changes.
A notification should be sent whenever an out of policy control
change is made to an element that is under the control of policy.
This notification should include the policy that was changed, the
instance of the element that was changed and the object and value
that it was changed to.
More on contexts later.
An element under the control of policy that has been changed remains
a member of the policy group until the attributes in the Role table
that caused it to match the policy in the first place are modified.
An element that has been modified by a an out of policy mechanism,
while remaining a member of the policy does not get overridden by a
policy until its value is made the same as the extant policy with
the highest precedence for this element, and by implication then
returned to policy control. A notification should be sent when this
action is taken.
6.7 Use of Contexts
TBD
6.8 Policy distribution applications
TBD
6.9 Notifications in a Policy System
TBD.
MacFaden/Saperia January 2000 [Page 28]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
7.0 Glossary
Transaction
A finite group of changes that taken as a whole can be applied
or rolled back in one operation. For example, a single SNMP SET PDU
represents a transaction for which the state before the set is
returned should any individual element in the variable-bindings list
fail to be applied thus returning the device to exactly the same
state before the SET was executed.
Device-Local Configuration
Device-local configuration data is specific to a particular network
device. This is the finest level of granularity for configuring
network devices.
Network-Wide Configuration
Network-wide configuration data is not specific to any particular
network device and from which multiple device-local configurations
can be derived. Network-wide configuration provides a level of
abstraction above device-local configurations.
Configuration Data Translator
A function that transforms Configuration Management Data (high-level
policies) or Network-wide configuration data (middle-level policies)
into device local configurations (low-level policies) based on the
generic capabilities of network devices. This function can be
performed either by devices themselves or by some intermediate
entity.
Denial of Service (DOS)
Any situation where access to resources by authorized consumers is
diminished by overt or inadvertent abuse of network layer mechanisms
8.0 Example MIB
ACME-HOUSECTL-MIB DEFINITIONS ::= BEGIN
IMPORTS
MODULE-IDENTITY, OBJECT-IDENTITY, Counter32, Gauge32,
OBJECT-TYPE, TimeTicks, Integer32, NOTIFICATION-TYPE
MacFaden/Saperia January 2000 [Page 29]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
FROM SNMPv2-SMI
MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
FROM SNMPv2-CONF
TruthValue, TEXTUAL-CONVENTION, TimeStamp
FROM SNMPv2-TC
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
acmeHouseCtlMIB MODULE-IDENTITY
LAST-UPDATED "200007090000Z"
ORGANIZATION "Acme, Inc"
CONTACT-INFO
"Acme, Inc
1 Main Street
Anytown, Anywhere"
DESCRIPTION
"This mib module defines a sample mib module
that contains status, configuration and diagnostic
management objects for items in a single family home."
REVISION "200007090000Z"
DESCRIPTION
"Initial version of ACME-HOUSECTRL-MIB."
::= { XXX 1 }
--
-- Textual Conventions
--
AcmeCfgVersion ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A value that starts at 0 and increases monotonically
until the Max value is reached at which point the value
returns to 0."
SYNTAX Gauge32
AcmeDeviceAdminStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The operational state of a device. Setting a device to
testing invokes diagnostic routines which may or may not
bring a device out of service."
SYNTAX INTEGER {
up(1),
down(2),
testing(3)
}
MacFaden/Saperia January 2000 [Page 30]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
AcmeDeviceOperStatus ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The current general state of the device. A failed state
indicates the device is not responding to management
control"
SYNTAX INTEGER {
up(1),
down(2),
testing(3),
failed(4)
}
--
-- Top level delegations
--
acmeHouseInventory OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Inventory of the controls in the home over which
operations can be made."
::= { acmeHouseCtlMIB 1 }
acmeHouseGlobals OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Objects of global scope over a given home."
::= { acmeHouseCtlMIB 2 }
acmeHouseConfig OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Configuration of devices managed by this MIB
or subsidiary MIBs."
::= { acmeHouseCtlMIB 3 }
acmeHouseCtlExceptions OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Exceptions of global scope to this mib defined here."
::= { acmeHouseCtlMIB 9 }
acmeHouseCtlConformance OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Conformance details kept here for this MIB."
MacFaden/Saperia January 2000 [Page 31]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
::= { acmeHouseCtlMIB 10 }
--
-- Inventory Group
--
acmeHouseInvenLastUpdated OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Timestamp when inventory report was last updated. A value of
zero indicates never."
::= { acmeHouseInventory 1 }
acmeHouseInvenNumber OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of rows in acmeHouseInvenTable."
::= { acmeHouseInventory 2 }
acmeHouseInvenTable OBJECT-TYPE
SYNTAX SEQUENCE OF AcmeHouseInvenEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table presents a list of devices found
in a given home.
Rows are added and deleted by the agent. "
::= { acmeHouseInventory 3 }
acmeHouseInvenEntry OBJECT-TYPE
SYNTAX AcmeHouseInvenEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row represents a particular device managed
by this agent."
INDEX { acmeHouseInvenId }
::= { acmeHouseInvenTable 1 }
AcmeHouseInvenEntry ::= SEQUENCE {
acmeHouseInvenId SnmpAdminString,
acmeHouseInvenDevice OBJECT IDENTIFIER,
acmeHouseInvenKey Integer32,
acmeHouseInvenAdminStatus AcmeDeviceAdminStatus,
acmeHouseInvenOperStatus AcmeDeviceOperStatus,
acmeHouseInvenLastContact TimeStamp
MacFaden/Saperia January 2000 [Page 32]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
}
acmeHouseInvenId OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A persistent identifier that identifies
a device uniquely within a single domain."
::= { acmeHouseInvenEntry 1 }
acmeHouseInvenDevice OBJECT-TYPE
SYNTAX OBJECT IDENTIFIER
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The object identifier that uniquely identifies
the type of device. A registration mib maintains
the mappings to text."
::= { acmeHouseInvenEntry 2 }
acmeHouseInvenKey OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A unique value within a given set of device
with the same acmeHouseInvenDevice object identifier.
Can be used for a short-hand indexing
to other tables and notifications."
::= { acmeHouseInvenEntry 3 }
acmeHouseInvenAdminStatus OBJECT-TYPE
SYNTAX AcmeDeviceAdminStatus
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The desired administrative status of this device.
Setting the value to down(2) has the effect of
changing acmeHouseInvenOperStatus to down(2) as well."
::= { acmeHouseInvenEntry 4 }
acmeHouseInvenOperStatus OBJECT-TYPE
SYNTAX AcmeDeviceOperStatus
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The curent operational state of the device."
MacFaden/Saperia January 2000 [Page 33]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
::= { acmeHouseInvenEntry 5 }
acmeHouseInvenLastContact OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the device last responded
to any management request or last poll."
::= { acmeHouseInvenEntry 6 }
--
-- Configuration Globals Group
--
acmeHouseGlobalSysActive OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"State of house control system. A value of true(1) represents
the system is actively monitoring state and will
accept valid configuration requests. A value of false(2)
indicates this the master system is not maintaining
state of systems found in
the inventory component."
::= { acmeHouseGlobals 1 }
acmeSysActiveLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"sysUpTime when acmeHouseGlobalSysActive last changed state."
::= { acmeHouseGlobals 2 }
acmeSysActiveConfigId OBJECT-TYPE
SYNTAX AcmeCfgVersion
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Current value of configuration information. This value remains
persistent across reboots and increases when configuration
changes are made to any object in this MIB."
::= { acmeHouseGlobals 3 }
acmeSysDevicesActive OBJECT-TYPE
SYNTAX Gauge32
MacFaden/Saperia January 2000 [Page 34]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of active devices in the system according to last poll."
::= { acmeHouseGlobals 4 }
acmeSysDevicesLastFailed OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"sysUpTime when last device failed poll or admin request."
::= { acmeHouseGlobals 5 }
acmeSysDeviceErrors OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of devices that this manager lost contact, timed out
with."
::= { acmeHouseGlobals 6 }
acmeSysDeviceLastErr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"A description of the last error that occured in this mib due
to configuration errors or status error presentable to user
interface."
::= { acmeHouseGlobals 7 }
--
-- Notification Section
--
acmeHouseCtlGlobalErrs OBJECT IDENTIFIER ::= {
acmeHouseCtlExceptions 0}
acmeHouseCtlDeviceLost NOTIFICATION-TYPE
OBJECTS { acmeHouseInvenDevice, acmeHouseInvenKey,
acmeHouseInvenAdminStatus,
acmeHouseInvenOperStatus}
STATUS current
DESCRIPTION
"This notification is generated whenever the invocation
of a scheduled action fails. If there is a failure of
many devices such that sending single notifications
would be resource and time prohibitive, send the
MacFaden/Saperia January 2000 [Page 35]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
acmeHouseCtrlManyDevicesLost notification."
::= { acmeHouseCtlGlobalErrs 1 }
acmeHouseCtlManyDevicesLost NOTIFICATION-TYPE
OBJECTS { acmeSysDevicesLastFailed, acmeSysDeviceErrors }
STATUS current
DESCRIPTION
"This notification is generated whenever the invocation
of a scheduled action fails. If there is a failure of
many devices such that sending single notifications
would be resource and time prohibitive, send the
acmeHouseCtrlManyDevicesLost notification."
::= { acmeHouseCtlGlobalErrs 2 }
--
-- Compliance Section
--
acmeHouseCtlGroups OBJECT IDENTIFIER
::= { acmeHouseCtlConformance 1 }
acmeHouseCtlCompliances OBJECT IDENTIFIER
::= { acmeHouseCtlConformance 2 }
acmeHouseInventoryGroup OBJECT-GROUP
OBJECTS {
acmeHouseInvenLastUpdated,
acmeHouseInvenNumber,
acmeHouseInvenDevice,
acmeHouseInvenKey,
acmeHouseInvenAdminStatus,
acmeHouseInvenOperStatus,
acmeHouseInvenLastContact
}
STATUS current
DESCRIPTION
"A collection of objects providing
inventory and general status of all home objects controlled
by this MIB."
::= { acmeHouseCtlGroups 1 }
acmeHouseGlobalsGroup OBJECT-GROUP
OBJECTS {
acmeHouseGlobalSysActive,
acmeSysActiveLastChanged,
acmeSysActiveConfigId,
acmeSysDevicesActive,
acmeSysDevicesLastFailed,
acmeSysDeviceErrors,
MacFaden/Saperia January 2000 [Page 36]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
acmeSysDeviceLastErr
}
STATUS current
DESCRIPTION
"A collection of objects providing
overall feature configuration state status."
::= { acmeHouseCtlGroups 2 }
acmeHouseCtlNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
acmeHouseCtlDeviceLost,
acmeHouseCtlManyDevicesLost
}
STATUS current
DESCRIPTION
"The notifications used by this MIB to denote
exceptional conditions."
::= { acmeHouseCtlGroups 3 }
acmeHouseCtrlMibCompliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The set of groups that make up the mandatory
and optional groups
required for MIB implementation."
MODULE
MANDATORY-GROUPS { acmeHouseInventoryGroup,
acmeHouseGlobalsGroup }
::= { acmeHouseCtlCompliances 1 }
END
9.0 References
[1] Harrington, D., Presuhn, R., and B. Wijnen, "An
Architecture for Describing SNMP Management Frameworks",
RFC 2571, April 1999.
[2] Rose, M., and K. McCloghrie, "Structure and
Identification of Management Information for TCP/IP-based
Internets", STD 16, RFC 1155, May 1990.
MacFaden/Saperia January 2000 [Page 37]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
[3] Rose, M., and K. McCloghrie, "Concise MIB Definitions",
STD 16, RFC 1212, March 1991.
[4] Rose, M., "A Convention for Defining Traps for use with
the SNMP", RFC 1215, March 1991.
[5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Structure of Management
Information Version 2 (SMIv2)", STD 58, RFC 2578, April
1999.
[6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Textual Conventions for
SMIv2", STD 58, RFC 2579, April 1999.
[7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J.,
Rose, M., and S. Waldbusser, "Conformance Statements for
SMIv2", STD 58, RFC 2580, April 1999.
[8] Case, J., Fedor, M., Schoffstall, M., and J. Davin,
"Simple Network Management Protocol", STD 15, RFC 1157,
May 1990.
[9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Introduction to Community-based SNMPv2", RFC 1901,
January 1996.
[10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1906, January 1996.
[11] Case, J., Harrington D., Presuhn R., and B. Wijnen,
"Message Processing and Dispatching for the Simple
Network Management Protocol (SNMP)", RFC 2572, April
1999.
[12] Blumenthal, U., and B. Wijnen, "User-based Security Model
(USM) for version 3 of the Simple Network Management
Protocol (SNMPv3)", RFC 2574, April 1999.
[13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996.
[14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3
Applications", RFC 2573, April 1999.
[15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based
Access Control Model (VACM) for the Simple Network
MacFaden/Saperia January 2000 [Page 38]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
Management Protocol (SNMP)", RFC 2575, April 1999.
[16] McCloghrie, K. and M. Rose, Editors, "Management
Information Base for Network Management of TCP/IP-based
internets: MIB-II", STD 17, RFC 1213, Hughes LAN Systems,
Performance Systems International, March 1991.
[17] McCloghrie, K. and F. Kastenholz, "The Interfaces Group
MIB using SMIv2", RFC 2233, Cisco Systems, FTP Software,
November 1997.
[18] Case, J., Mundy, R., Partain, D., and B. Stewart,
"Introduction to Version 3 of the Internet-standard
Network Management Framework", RFC 2570, April 1999.
[19] Brown, C., and F. Baker, "Management Information Base for
Frame Relay DTEs Using SMIv2", RFC 2115, September 1997.
[20] Baker, F, "Requirements for IP Version 4 Routers", RFC
1812, June 1995.
[21] Hawkinson, J, "Guidelines for creation, selection, and
registration of an Autonomous System (AS)", RFC 1930,
March 1996.
[22] Baker, F, "OSPF Version 2 Management Information Base", RFC
1850, November 1995.
10.0 Editors' Addresses
Michael R. MacFaden
Riverstone Networks, Inc
5200 Great America Parkway
Santa Clara, CA 95054
phone - +1 408 878 6500
email - mrm@riverstonenet.com
Jon Saperia
JDS Consulting
174 Chapman Street
Watertown, MA 02472
email - saperia@mediaone.net
MacFaden/Saperia January 2000 [Page 39]
�
INTERNET-DRAFT SNMP CONFIGURATION July 2000
11.0 Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and
furnished to others, and derivative works that comment on or
otherwise explain it or assist in its implementation may be
prepared, copied, published and distributed, in whole or in
part, without restriction of any kind, provided that the above
copyright notice and this paragraph are included on all such
copies and derivative works. However, this document itself
may not be modified in any way, such as by removing the
copyright notice or references to the Internet Society or
other Internet organizations, except as needed for the
purpose of developing Internet standards in which case the
procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into
languages other than English.
The limited permissions granted above are perpetual and will
not be revoked by the Internet Society or its successors or
assigns.
This document and the information contained herein is provided
on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE
USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE.
MacFaden/Saperia January 2000 [Page 40]
�