SNMPCONF Working Group M. MacFaden
Category: Best Current Practice Riverstone Networks, Inc
J. Saperia
JDS Consulting, Inc
W. Tackabury
Gold Wire Technology, Inc
Configuring Networks and Devices With SNMP
draft-ietf-snmpconf-bcp-04.txt
March 2, 2001
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference mate-
rial or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2001). All Rights Reserved.
Abstract
This document is for a variety of readers interested in the Internet
Standard Management Framework, the Simple Network Management Protocol
(SNMP).
In particular, it offers guidance in the effective use of SNMP in
configuration management. This information is relevant to vendors
Various Authors [Page 1]
�
RFC DRAFT Expires July 2001 March 2001
that build network elements, management application developers, and
those that acquire and deploy this technology in their networks.
1. INTRODUCTION
Data networks have grown greatly in size and complexity over the past
decade. This growth can be seen in terms of:
Scale - Data networks have grown in many dimensions:
they have more network elements, the network
elements perform a significantly wider range of tasks,
and there are many more interrelationships
within and between devices.
Functionality - network devices perform more functions.
More protocols and network layers are
required for the successful deployment of a wide array
of network services.
Time - changes to devices occur more often than in the
past. The need for dynamic configuration has grown faster than
set-and-forget style configuration.
Configuration of network elements that make up data networks is an
essential prerequisite to the deployment of services upon them. The
growth in size and complexity of modern networks increases the need for
a standard configuration mechanism that is tightly integrated with per-
formance and fault management systems.
The Internet Standard Management Framework, SNMP, is used successfully
to develop configuration management systems for a broad range of devices
and networks. A standard configuration mechanism that tightly inte-
grates with performance and fault systems is needed not only to help
reduce the complexity of management, but to enable verification of con-
figuration activities that create billable services.
This document describes Best Current Practices that have been used when
designing effective configuration management systems using the Internet
Standard Management +Framework (or, more colloquially, SNMP). It covers
many basic practices as well as more complex agent and manager design
issues that are raised in configuration management.
Significant experience has been gained over the past ten years in con-
figuring public and private data networks with SNMP. Policy Based Con-
figuration Management, PBCM, is a methodology of configuration dis-
tributed to potentially many network elements with the goal of achieving
consistent network behavior throughout an administrative domain.
Various Authors [Page 2]
�
RFC DRAFT Expires July 2001 March 2001
This document presents lessons learned from these experiences and
applies them to both conventional and policy based configuration systems
based on SNMP.
1.1. Document Organization
This document is divided into eight sections:
Section 1 - Introduction and document organization
Section 2 - Using SNMP as a configuration mechanism
Section 3 - Designing a MIB Module
Section 4 - Implementing a configuration agent
Section 5 - Designing and implementing configuration management
applications
Section 6 - Deployment and Security Issues
Section 7 - Policy Management
Section 8 - Example MIB Module for configuration
2. USING SNMP AS A CONFIGURATION MECHANISM
Configuration causes a discrete change in an element from one state to
another. While it often takes an arbitrary amount of commands and data
to make up configuration change, it is critical that the configuration
system treat the overall change operation atomically so the number of
states an element can transition to is minimized. A change request is
either completely executed not at all. This is called transactional
integrity. Transactional integrity makes it possible to develop reliable
configuration systems that can invoke transactions and keep track of an
elements overall state and work in the presence of error states.
2.1. Transactions and SNMP
Transactions can logically take place at very fine-grained levels such
as an individual object or in very large aggregations such as an entire
configuration file. For this reason, reliance on transactional integrity
only at the protocol level is insufficient.
MIB Module design plays a significant role in how well SNMP transaction
integrity will work. For example, The Structure of Management Informa-
tion Version 2 (SMIv2), RFC 2579, defines textual conventions which help
support configuration. The RowStatus object which defines a standard
object for the management of conceptual rows in a table is one example.
A RowStatus object can be used in many ways to help with transaction
control. For example, a single row activation where a single row is
equivalent to the level of transaction. When a RowStatus object is moved
to the active state, the entire row is 'committed'.
Various Authors [Page 3]
�
RFC DRAFT Expires July 2001 March 2001
In a multi-table scenario where the amount of configuration data must be
spread over many columnar objects, a RowStatus object in one table can
be used to cause the entire set of data to be put in operation or stored
based on the definition of the objects.
In some cases, very large amounts of data may need to be 'committed' all
at once. In these cases, another approach is to configure all of the
rows in all the tables required and have an "activate" object that has a
set method that commits all the modified rows.
It is possible for an SNMP-based management system to address all of
these issues effectively. Transactional control is an essential property
of a configuration management system.
2.2. Practical Requirements for Transactional Control
A well designed and deployed configuration system should have the fol-
lowing features with regard to transactions and transactional integrity.
1) Provide for flexible transaction control at many different levels of
granularity. At one extreme, an entire configuration may be delivered
and installed on an element or one small attribute may be changed. The
effects of a change should be commensurate with the change request. Very
granular changes should invoke behavior according to the change being
made. This is often termed "no surprises."
2) The transaction control component should work at any of the levels of
abstraction defined in section 8. The key point here is that it may
make most sense to configure systems at an abstract level rather than on
an individual instance by instance basis as has been commonly practiced.
In some cases it is more effective to send a configuration command to a
system that contains a set of 'defaults' to be applied to instances that
meet certain criteria.
3) An effective configuration management system must allow flexibility
in the definition of a successful transaction. This cannot be done at
the protocol level alone, but rather must be provided for throughout the
application and the information that is being managed. In the case of
SNMP, the information would be in properly defined MIB modules.
4) Time-indexed transaction control A configuration management system
should provide time-indexed transaction control. For effective rollback
control, the configuration transactions and their successful or unsuc-
cessful completion status must be reported by the managed elements and
stored in a repository that supports such time indexing and can record
the user that made the change, even if the change was not carried out
the system recording the change.
Various Authors [Page 4]
�
RFC DRAFT Expires July 2001 March 2001
5) The managed system must support transactional security. This means
that depending on where and who is making the configuration request, it
may be accepted or denied based on security policy that is in effect in
the managed element.
2.3. Best Practices in Configuration
Debugging is an integral part of the configuration process. To reduce
the chance of making simple errors in configuration, many organizations
employ the following change management procedure:
pre-test - verify that the system is presently working properly
change - make configuration changes/wait for convergence
re-test - verify once again that the system is working properly
This procedure is commonly used to verify configuration changes to crit-
ical systems such as the domain name system (DNS). DNS software kits
provide a diagnostic tools provided that allow automatic test procedures
to be defined. Strict adherence to this procedure ensures service
remains intact since any failure of the test detected after the change
can be rolled back to the prior state.
Likewise, a planned configuration sequence can be aborted if pre-config-
uration test results show the state of the system as unstable. Debugging
two sets of changes in large systems is often more challenging than one.
Networks and devices under SNMP configuration readily support this
change management procedure since the SNMP provides integrated monitor-
ing, configuration and diagnostic capabilities. For example, the Ether-
Like-MIB, RFC 2665, defines diagnostic tests as follows:
Various Authors [Page 5]
�
RFC DRAFT Expires July 2001 March 2001
dot3TestLoopBack OBJECT-IDENTITY
STATUS current
DESCRIPTION "This test configures the MAC chip and executes
an internal loopback test of memory, data paths,
and the MAC chip logic. This loopback test can
only be executed if the interface is offline.
Once the test has completed, the MAC chip should
be reinitialized for network operation, but it
should remain offline.
If an error occurs during a test, the
appropriate test result object will be set
to indicate a failure. The two OBJECT
IDENTIFIER values dot3ErrorInitError and
dot3ErrorLoopbackError may be used to provided
more information as values for an appropriate
test result code object."
::= { dot3Tests 2 }
There are times when configuration of a given element can impact other
network elements in a network. Configuring network protocols such as
IEEE 802.1D Spanning Tree or OSPF is especially challenging since the
impact of a configuration change can directly affect stability (conver-
gence) of the network the device is connected to.
An integrated view of configuration and monitoring provides an ideal
platform from which to evaluate such changes. For IEEE 802.1D Spanning
Tree, RFC 1493 provides the following object to monitor stability per
logical bridge.
dot1dStpTopChanges OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
"The total number of topology changes detected by
this bridge since the management entity was last
reset or initialized."
REFERENCE
"IEEE 802.1D-1990: Section 6.8.1.1.3"
::= { dot1dStp 4 }
Likewise, the OSPF MIB module provides a similar metric for stability
per OSPF area.
Various Authors [Page 6]
�
RFC DRAFT Expires July 2001 March 2001
ospfSpfRuns OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times that the intra-area route
table has been calculated using this area's
link-state database. This is typically done
using Dijkstra's algorithm."
::= { ospfAreaEntry 4 }
The operational effects of a given implementation often differ from one
to another for any given standard configuration object. The impact of a
change to stability of systems such as OSPF should be documented in an
agent-capabilities statement which is consistent with "Requirements for
IP Version 4 Routers" [20], section 1.3.4:
A vendor needs to provide adequate documentation on all
configuration parameters, their limits and effects.
The above model is not fail safe, especially when configuration errors
are masked by long latencies or when configuration errors lead to oscil-
lations in network stability. For example, consider the situation where
loading a new software version on a device leads to a small, slow memory
leak brought on by a certain traffic pattern that went uncaught during
vendor and customer test lab trials.
Also, convergence in an autonomous system cannot be guaranteed when con-
figuration changes are made since there are factors beyond control of
the operator. And even for factors within the operator's control there
is little verification done to prevent misconfiguration such as in the
following example.
Consider a change made to ospfIfHelloInterval and ospfIfRtrDeadInterval
[22] timers in the OSPF routing protocol such that both are set to the
same value. Two routers may form an adjacency but then begin to cycle in
and out of adjacency, and thus never reach a stable (converged) state.
Had the configuration process defined above been employed, this particu-
lar situation would have been discovered without impact on the produc-
tion network.
3. DESIGNING A MIB MODULE
Well-thought out MIB module design is crucial for practical configura-
tion with SNMP. MIB Modules for configuration can and do scale and when
integrated with diagnostic, monitoring, and policy objects. Policy
objects represent information at an aggregate, or higher level of
Various Authors [Page 7]
�
RFC DRAFT Expires July 2001 March 2001
abstraction, than instance level ones. Taken together these all of these
objects can for a robust configuration subsystem.
This section provides specific practices used in MIB module design.
3.1. MIB Module design
This section describes specific design practices by drawing upon a fic-
tional MIB module called BLDG-HVAC-MIB as defined in Section 8. This MIB
module provides a means to control the heating/cooling system found in a
modern building.
3.1.1. Consistency in Modeling
One of the first tasks in defining a MIB module is the creation of a
model which reflects the scope of the management information.
3.1.2. Designing Configuration Objects
MIB modules can be thought of as logical models providing one or more
aspects/views of a subsystem. The objective for all MIB modules should
be to serve one or more operational requirements such as accounting
information collection, configuration of one or more parts of a system,
or fault identification.
Choosing only those aspects of a subsystem that are proven to be opera-
tionally useful.
In 1993, one of most widely deployed MIB modules supporting configura-
tion was published, RFC 1493, or the BRIDGE-MIB. It defined the crite-
ria used to develop the MIB module as follows:
To be consistent with IAB directives and good engineering
practice, an explicit attempt was made to keep this MIB as
simple as possible. This was accomplished by applying the
following criteria to objects proposed for inclusion:
(1) Start with a small set of essential objects and add only
as further objects are needed.
(2) Require objects be essential for either fault or
configuration management.
(3) Consider evidence of current use and/or utility.
(4) Limit the total of objects.
Various Authors [Page 8]
�
RFC DRAFT Expires July 2001 March 2001
(5) Exclude objects which are simply derivable from others in
this or other MIBs.
(6) Avoid causing critical sections to be heavily
instrumented. The guideline that was followed is one
counter per critical section per layer.
During the past eight years, additional experience has shown a need to
refine these criteria as follows:
1. Before MIB Module design, identify goals and objectives
for the MIB module.
2. 2. Minimalization is not explicit goal, but usability is. Be sure
to consider deployment requirements.
3. During configuration, consider supporting explicit
error state, capability and capacity objects.
4. When considering rule (5) above, consider the impact on
a management application. When deployment or modeling
experience shows that objects that can be derived are
useful for the management application, consider defining them rather
than requiring that they be derived.
3.1.3. Naming MIB modules and Managed Objects
Naming of MIB modules and objects generally follows a set of best prac-
tices. Originally, standards track MIB modules used RFC names. As the
MIB modules evolved, the practice changed to using more descriptive
names. Presently, Standards Track MIB modules define a given area of
technology such as ATM-MIB, and vendors then extend such MIB modules by
prefixing the company name to a given MIB Module as in ACME-ATM-MIB.
Object descriptors (the "human readable names" assigned to object iden-
tifiers) defined in standard MIB modules should be unique across all MIB
modules. However, MIB Modules do not define a naming scope. Generally,
a prefix is added to each managed object that can help reference the MIB
module it was defined in. For example, the IF-MIB uses "if" prefix for
objects such as ifTable, ifStackTable and so forth.
The names for MIB objects can include an abbreviation for the function
they perform. For example the objects that control configuration in the
example MIB Module in section 8 might include Cfg as part of the name.
The bldgHVACDesiredTemp object might have been better named bldgHVAC-
CfgDesiredTemp. These longer names were left out of the example in the
interest of simplify. Some have adopted this approach with good results.
The power of this approach is more fully realized when the names that
include the fault, configuration, accounting, performance and security
[34] abbreviations are combined with an organized OID assignment
approach. For example a vendor could create a configuration branch in
Various Authors [Page 9]
�
RFC DRAFT Expires July 2001 March 2001
their private enterprises area. In some cases this might be best done on
a per product basis. Which ever approach is used, Cfg might be included
in every object in the configuration branch. This has two operational
benefits. First for those that do look at MIB Object names through MIB
Browsers or other simple command line tools, the name can more com-
pletely convey the meaning of that object. Secondly, management applica-
tions can be pointed at specific sub trees for fault or configuration,
causing a more efficient retrieval of data and a simpler management
application with potentially better performance.
3.1.4. Using Summary Objects and State Tracking
Prior to making a configuration change, management software generally
will synchronize with agents and backup existing configuration.
The three factors that influence this process are:
1. Amount of configuration data to transfer
2. Frequency of change to the data
3. Accessibility of the data
To make this process simple and efficient, consider using the following
techniques in a MIB module.
1. Provide an object that reports the number of rows in a table
2. Provide an object that flags when data in the table
was last modified.
3. Send a notification (inform) to deliver configuration change
details which can be seen in Section 8
By providing an object containing the number of rows in a table, manage-
ment applications can decide how best to retrieve a given table's data
and may choose different access strategies depending on table size.
Once a table has been synchronized, keeping it synchronized requires an
object to monitor table state. An example is found in RFC 2790, Host
Resources MIB:
Various Authors [Page 10]
�
RFC DRAFT Expires July 2001 March 2001
hrSWInstalledLastUpdateTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the hrSWInstalledTable
was last completely updated. Because caching of this
data will be a popular implementation strategy,
retrieval of this object allows a management station
to obtain a guarantee that no data in this table is
older than the indicated time."
::= { hrSWInstalled 2 }
A similar convention found in many standards track MIB modules is the
"LastChange" type object.
For example, the ENTITY-MIB RFC2737 provides the following object:
entLastChangeTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime at the time a conceptual row is
created, modified, or deleted in any of these tables:
- entPhysicalTable
- entLogicalTable
- entLPMappingTable
- entAliasMappingTable
- entPhysicalContainsTable"
::= { entityGeneral 1 }
This convention is not formalized, and there tend to be small differ-
ences in what a table's LastChanged object reflects. IF-MIB, RFC2863,
[31] defines the following:
ifTableLastChange OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime at the time of the last
creation or deletion of an entry in the ifTable. If
the number of entries has been unchanged since the
last re-initialization of the local network management
subsystem, then this object contains a zero value."
::= { ifMIBObjects 5 }
So, if an agent performs a row modification via an SNMP SET on ifAdmin-
Status, the value of ifTableLastChange will not be updated.
Various Authors [Page 11]
�
RFC DRAFT Expires July 2001 March 2001
The final way to keep distributed configuration data consistent is to
use an event-driven model, where configuration changes are communicated
as they occur. When the frequency of change to configuration is rela-
tively low or polling a cache object is not desired, consider defining a
notification that will report all configuration change details.
Use an inform instead of a trap notification so that changes are reli-
ably communicated.
The use of notifications to communicate the state of a rapidly changing
object may not be ideal either. This leads back to the object design
question of what is the right level of granularity is.
Finally, having to poll many "LastChange" objects does not scale reason-
ably. Consider using some global LastChange type object to represent
overall configuration in a given implementation.
3.1.5. Advanced Synchronization Considerations
For very large tables or for tables whose data changes frequently, a row
count and LastChange-like object as described in the previous section
caching a whole table's contents may not work.
There are three design choices to consider: 1) Design multiple indices
to partition
the data in a table logically or break a table into
a set of tables to partition the data 2) Use a time-based indexing
technique 3) Define a control MIB module that manages
a separate data delivery protocol
Index Design
Index design has a major impact on the amount of
data that must be transferred between SNMP entities
and can help to mitigate scaling issues with large
tables.
Most tables in standard MIB modules follow one of two
indexing models: associative indexing or
positional/array-like indexing that can start from one (1).
When tables get to a very large number of rows,
using an associative indexing scheme offers the
capacity to retrieve only the rows of interest.
For example, if an SNMP entity contains a copy
of the default-free Internet routing table as
defined in RFC 2096, the ipCidrRouteTable
Various Authors [Page 12]
�
RFC DRAFT Expires July 2001 March 2001
will presently contain around 100,000 rows.
Since associative indexing is used and the nature of
the data in this table is partitionable,
synchronizing with a subset is possible. If this
table contained a simple index, there would have
to be at least one complete scan of the table.
ipCidrRouteEntry OBJECT-TYPE
SYNTAX IpCidrRouteEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A particular route to a particular destina-
tion, under a particular policy."
INDEX {
ipCidrRouteDest,
ipCidrRouteMask,
ipCidrRouteTos,
ipCidrRouteNextHop
}
If copying a large table is required, a simple positional index can
potentially increase the number of rows that can be sent in a PDU and if
the indexing is not sparse, concurrency can be gained by sending multi-
ple asynchronous non-overlapping collection requests.
Should requirements dictate new methods of access, multiple indices can
be defined such that both associative and simple indexing can coexist to
access a single logical table.
Two examples follow.
First, consider the ifStackTable found in RFC 2863 [31] and the ifInvS-
tackTable RFC 2864 [32]. They are logical equivalents with the order of
the auxiliary (index) objects simply reversed.
ifStackEntry OBJECT-TYPE
SYNTAX IfStackEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information on a particular relationship between two
sub-layers, specifying that one sub-layer runs on
'top' of the other sub-layer. Each sub-layer
corresponds to a conceptual row in the ifTable."
INDEX { ifStackHigherLayer, ifStackLowerLayer }
::= { ifStackTable 1 }
Various Authors [Page 13]
�
RFC DRAFT Expires July 2001 March 2001
ifInvStackEntry OBJECT-TYPE
SYNTAX IfInvStackEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information on a particular relationship between two sub-
layers, specifying that one sub-layer runs underneath the
other sub-layer. Each sub-layer corresponds to a conceptual
row in the ifTable."
INDEX { ifStackLowerLayer, ifStackHigherLayer }
::= { ifInvStackTable 1 }
Second, table designs that can factor data into multiple tables with
well-defined relationships can help reduce overall data transfer
requirements. The RMON-MIB, RFC 2819, demonstrates a very useful tech-
nique of organizing tables into control and data components. Control
tables contain those objects that are configured and change infrequently
and the data tables contain information to be collected that can be
large and may change quite frequently.
As an example, the RMON hostControlTable provides a way to specify how
to collect MAC addresses learned as a source or destination from a given
port that provides transparent bridging of ethernet packets.
Configuration is accomplished using the hostControlTable. It is indexed
by a simple integer. While this may seem to be array-like, it is common
use for command generators to encode the ifIndex into this simple inte-
ger to provide associative lookup capability.
The RMON hostTable and hostTimeTable represent dependent tables that
contains the results indexed by the hostControlTable entry.
The hostTable table is further indexed by the MAC address which provides
the ability to reasonably search a collection such as the Organization-
ally Unique Identifier (OUI) which is the first three octets of the MAC
address.
The hostTimeTable is designed explicitly for fast transfer of bulk RMON
data. It demonstrates how to handle collecting large number of rows in
the face of deletions and insertions by providing hostControlLastDelete-
Time.
Various Authors [Page 14]
�
RFC DRAFT Expires July 2001 March 2001
hostControlLastDeleteTime OBJECT-TYPE
SYNTAX TimeTicks
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of sysUpTime when the last entry
was deleted from the portion of the hostTable
associated with this hostControlEntry. If no
deletions have occurred, this value shall be zero."
::= { hostControlEntry 4 }
2) Time Based Indexing The TimeFilter as defined and used in RFC 2021 as
well as in RFC2674 provide a way to obtain only those rows that have
changed on or after some specified time since the SNMP entity was
started (sysUpTime).
Since TimeFilter introduces rows based on time based indexing, a given
row can appear at many points in time which artificially inflates the
size of the table when performing classical getNext or getBulk data
retrieval.
3) Divide the Work If the amount of data to transfer is larger than cur-
rent SNMP design restrictions such as OCTET STRINGS or PDU sizes and
well as being overly volatile, consider deliver the data via separate
protocol and use a MIB module to control that data delivery process.
3.1.6. Octet String Aggregations
The OCTET STRING syntax is an extremely flexible and useful datatype
when defining managed objects that allow SET operation. An octet string
is capable of modeling many things and is limited in size to 65535
octets by SMIv2[5].
Since OCTET STRINGS are very flexible, the need to make them useful to
applications requires careful definition. Otherwise, applications will
at most simply be able to display and set them.
Consider the following object from RFC 1907 SNMPv2-MIB.
For example:
Various Authors [Page 15]
�
RFC DRAFT Expires July 2001 March 2001
sysLocation OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The physical location of this node (e.g., `telephone
closet, 3rd floor'). If the location is unknown, the value
is the zero-length string."
::= { system 6 }
Should an application be required to do more with this information than
be able to read and set the value of this object, a more precise defini-
tion of the contents of the OCTET STRING is needed.
When using OCTET STRINGS, avoid platform dependent data formats. Also
avoid using OCTET STRINGS where a more precise SMI syntax such as Inte-
ger32 or BITS would work.
There are many MIB modules that attempt to optimize the amount of data
sent/received in a SET/GET PDU by packing octet strings with aggregate
data. Example, the PortList TC in RFC 2674 is defined as follows:
PortList ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Each octet within this value specifies a set of eight
ports, with the first octet specifying ports 1 through
8, the second octet specifying ports 9 through 16, etc.
Within each octet, the most significant bit represents
the lowest numbered port, and the least significant bit
represents the highest numbered port. Thus, each port
of the bridge is represented by a single bit within the
value of this object. If that bit has a value of '1'
then that port is included in the set of ports; the port
is not included if its bit has a value of '0'."
SYNTAX OCTET STRING
This saves on data transfer but has some limitations. Any changes in
object specification or version control is made more difficult, given
that the granularity of control in SMIv2 is a managed object. Any
change such as delete or add to the number of elements
Any change such as delete or add to the number elements encoded within
the object would deprecate the entire object.
Complex instance information is difficult to reference in particular
data kept in a managed object that is contained in an aggregate.
Various Authors [Page 16]
�
RFC DRAFT Expires July 2001 March 2001
Providing an SNMP Table to represent aggregate data does not have as
many limitations as encoding data into OCTET STRINGS and is the better
common practice.
3.1.7. Simple Integer Indexing
When indexing tables using simple Integers, start with one (1) and spec-
ify the maximum range of the value.
Since Object Identifiers are unsigned long values, a question that
arises is why not index from zero (0) instead of one(1)?
RFC 2578, Section 7.7, page 28 states: Instances identified by use of
integer-valued objects should be numbered starting from one (i.e., not
from zero). The use of zero as a value for an integer-valued index
object should be avoided, except in special cases.
Indexing from one simplifies implementation on the management applica-
tion side. Consider the following sequence
request expected response
sysUpTime -> sysUpTime.0
ifInOctets.0 -> ifInOctets.1
ifInOctets.1 -> ifInOctets.2
ifInOctets.2 -> ifInOctets.3
which allows simple management application iteration:
for (i = 0; i < something; i++ ) {
action(i);
}
whereas if one allows
a .0 instance to exist, a management application must
consider the following sequence:
request expected response
------- -----------------
sysUpTime -> sysUpTime.0
ifInOctets -> ifInOctets.0 <---
ifInOctets.0 -> ifInOctets.1
ifInOctets.1 -> ifInOctets.2
ifInOctets.2 -> ifInOctets.3
for (i = 0; i < something; i++ ) {
if (is_leaf(i) action();
}
Various Authors [Page 17]
�
RFC DRAFT Expires July 2001 March 2001
3.1.8. Indexing with Network Addresses
There are many objects that use IPv4 addresses (SYNTAX IpAddress) as
indexes. One such table is the ipAddrTable from RFC 2011 IP-MIB. This
limits the usefulness of the MIB module to IPv4. To avoid such limita-
tions, use the INET-ADDRESS-MIB, which provides a generic way to repre-
sent addresses for Internet Protocols.
3.1.9. Fate sharing with multiple tables
Fate sharing of SNMP tables should be explicitly defined where possible
using SMI macros such as AUGMENTS. If the relationship between tables
cannot be defined using SMIv2 macros, then the DESCRIPTION clause should
define what should happen when rows in related tables are added or
deleted.
Consider the relationship between the dot1dBasePortTable and the
ifTable, which have a sparse relationship. If a given ifEntry supports
802.1D bridging then there is a dot1dBasePortEntry that has a pointer to
it via dot1dBasePortIfIndex.
Now what should happen if an ifEntry that can bridge is deleted? Should
the object dot1dBasePortIfIndex simply be set to 0 or should the
dot1dBasePortEntry be deleted as well?
When two tables are related, the DESCRIPTION clauses should define the
fate sharing of entries in the respective tables.
3.1.10. Conflicting Controls
MIB module designers should avoid specifying read-write objects that
overlap in function partly or completely.
Consider the following situation where two read-write objects partially
overlap when a dot1dBasePortEntry has a corresponding ifEntry.
The BRIDGE-MIB defines the following managed object:
Various Authors [Page 18]
�
RFC DRAFT Expires July 2001 March 2001
dot1dStpPortEnable OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
ACCESS read-write
STATUS mandatory
DESCRIPTION
"The enabled/disabled status of the port."
REFERENCE
"IEEE 802.1D-1990: Section 4.5.5.2"
::= { dot1dStpPortEntry 4 }
The IF-MIB defines a similar managed object:
ifAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
up(1), -- ready to pass packets
down(2),
testing(3) -- in some test mode
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The desired state of the interface. The testing(3) state
indicates that no operational packets can be passed. When a
managed system initializes, all interfaces start with
ifAdminStatus in the down(2) state. As a result of either
explicit management action or per configuration information
retained by the managed system, ifAdminStatus is then
changed to either the up(1) or testing(3) states (or remains
in the down(2) state)."
::= { ifEntry 7 }
if ifAdminStatus is set to testing(3), the value to be returned for
dot1dStpPortEnable is not defined, or, even worse, an agent returns a
misleading value. Without clarification on how these two objects inter-
act, management implementations will have to monitor both objects if
bridging is detected and correlate behavior.
When this situation has been detected, one of the two objects should
have the STATUS set to deprecated from future use.
3.1.11. Textual Convention Usage
Textual conventions should be used whenever possible to create a consis-
tent semantic for an oft-recurring practice.
Various Authors [Page 19]
�
RFC DRAFT Expires July 2001 March 2001
Textual conventions that have even the slightest chance of being reused
in other MIB modules ideally should also be defined in a separate MIB
module to facilitate sharing of such objects. For example, all ATM MIB
modules draw on the ATM-TC-MIB to define common definitions.
To simplify management applications use of a given set of managed
objects, consider using SNMPv2-TC based definitions:
acmePatioLights OBJECT-TYPE
SYNTAX INTEGER {
on(1),
off(2),
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Current status of outdoor lighting."
::= { acmeOutDoorElectricalEntry 3 }
Would better expressed as follows:
AcmePatioLightsEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Current status of outdoor lighting."
::= { acmeOutDoorElectricalEntry 3 }
3.1.12. Persistent Configuration
Many SNMP agents implement simple persistence models. SNMP set requests
against MIB objects with MAX-ACCESS read-write are typically written
automatically to a persistent store.
There are methods to support explicit storage of configuration data. The
first method uses the Textual Convention known as StorageType [6] which
explicitly defines a given row's persistence requirement.
Examples include the RFC 2591 [23] definition for the schedTable row
object schedStorageType of syntax StorageType, as well as similar row
objects for virtually all of the tables of the SNMP View-based Access
Control Model MIB [15].
A second method for persistence simply uses the DESCRIPTION macros to
define how instance data should persist. RFC 2674 [24] defines explic-
itly Dot1qVlanStaticEntry data persistence as follows:
Various Authors [Page 20]
�
RFC DRAFT Expires July 2001 March 2001
dot1qVlanStaticTable OBJECT-TYPE
SYNTAX SEQUENCE OF Dot1qVlanStaticEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table containing static configuration information
for each VLAN configured into the device by (local
or network) management. All entries are permanent
and will be restored after the device is reset."
::= { dot1qVlan 3 }
Best current practice is a dual persistence model where: 1) a volatile
memory configuration can be retrieved/updated 2) persistent boot config-
uration which is updatable and non-volatile.
3.1.13. Configuration Sets and Activation
An essential notion for configuration of network elements is awareness
of the difference between the set of one or more configuration objects
from the activation of those configuration changes in the actual subsys-
tem.
The document "Requirements for IP Version 4 Routers" [20], section 1.3.4
states:
A vendor needs to provide adequate documentation on all
configuration parameters, their limits and effects.
Any complex configuration should have a master on/off switch as well as
strategically placed on/off switches to control the sectional employment
of configuration data. These controls play a pivotal role during the
configuration process as well as during subsequent diagnostics. Gener-
ally a series of set operations should not cause an agent to act on each
object causing convergence/stability possibly to be lost on each and
every set. Ideally a series of Set PDUs would install the configuration
and a final set series of PDUs would activate the changes.
During diagnostic situations, certain on/off switches can be set to
localize the perceived error instead of having to remove the configura-
tion.
An example of such an object from the OSPF Version 2 MIB [27] is the
global ospfAdminStat:
Various Authors [Page 21]
�
RFC DRAFT Expires July 2001 March 2001
ospfAdminStat OBJECT-TYPE
SYNTAX Status
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The administrative status of OSPF in the
router. The value 'enabled' denotes that the
OSPF Process is active on at least one inter-
face; 'disabled' disables it on all inter-
faces."
::= { ospfGeneralGroup 2 }
Elsewhere in the OSPF MIB, the semantics of setting ospfAdminStat to
enabled(2) are clearly spelled out.
The Scheduling MIB [23] exposes such an object on each entry in the
scheduled actions table, along with the corresponding read status object
on the entry status:
schedAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The desired state of the schedule."
DEFVAL { disabled }
::= { schedEntry 14 }
Various Authors [Page 22]
�
RFC DRAFT Expires July 2001 March 2001
schedOperStatus OBJECT-TYPE
SYNTAX INTEGER {
enabled(1),
disabled(2),
finished(3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current operational state of this schedule. The state
enabled(1) indicates this entry is active and that the
scheduler will invoke actions at appropriate times. The
disabled(2) state indicates that this entry is currently
inactive and ignored by the scheduler. The finished(3)
state indicates that the schedule has ended. Schedules
in the finished(3) state are ignored by the scheduler.
A one-shot schedule enters the finished(3) state when it
deactivates itself."
::= { schedEntry 15 }
Finally, a MIB module designer should not always overload RowStatus
objects to control activation/deactivation of a configuration. While
RowStatus looks ideally suited for such a purpose since a management
application can set a row to active(1), then set it to notInService(2)
to disable it then make it active(1) again, there is no guarantee that
the agent won't discard the row while it is in the notInService(2)
state.
The DISMAN-SCHEDULE-MIB's managed object schedAdminStatus demonstrates
how to separate row control from row activation. Setting the schedAd-
minStatus to disabled(2) does not cause the row to be aged out/removed
from the table.
3.1.14. Usage of Row notReady Status
It is useful when configuring new rows to use the notReady status to
indicate row activation cannot proceed.
When designing read-create objects in a table containing a RowStatus
object, a MIB module designer should first consider the default state of
each object in the table when a row is created via one simple createAnd-
Wait(5) PDU. If no default state is applicable but the object must be
set to some value, the DESCRIPTION clause should specify this object as
mandatory. In addition, an SNMP get of such an object then should return
a noSuchName error if the object has not yet been set. A read of the
RowStatus columnar object should return notReady(3) until all such
mandatory and non-defaultable objects have been set with acceptable val-
ues.
Various Authors [Page 23]
�
RFC DRAFT Expires July 2001 March 2001
Should a given implementation require more objects to be set than is
specified in a MIB module, an agent capabilities statement can be used
to define the additional objects using the CREATION-REQUIRES clause. Not
implementing the above may result in a management application being mis-
led that a transition to active(1) state will succeed without further
action by only polling the RowStatus object and receiving the notInSer-
vice(2) value from an agent.
3.1.15. SET operation Latency
Many standards track and enterprise MIB modules that contain read-write
objects assume that an agent can complete a set operation as quickly as
an agent can send back the status of the set operation to the applica-
tion.
Consider the following object that both reports the state of a garage
door as well as allows a SET operation to change a garage door's state.
acmePortGarageDoor OBJECT-TYPE
SYNTAX INTEGER { unknown(0), closed(1), open(2)}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The current state of the garage door.
Most garage doors change state within 12 seconds."
::= { acmePortGarageEntry 2 }
With the object defined, the following example represents
one possible transaction.
Time Command Generator --------> <--- Command Responder
----- ----------------- -----------------
|
A GetPDU(acmePortGarageDoor.1.1)
|
| ResponsePDU(error-index 0,
| error-code 0)
|
B acmePortGarageDoor.1.1 == open(2)
|
C SetPDU(acmePortGarageDoor.1.1 =
| closed(1))
|
| ResponsePDU(error-index 0,
| error-code 0)
|
D acmePortGarageDoor.1.1 == closed(1)
|
E GetPDU(acmePortGarageDoor.1.1)
Various Authors [Page 24]
�
RFC DRAFT Expires July 2001 March 2001
|
F ResponsePDU(error-index 0,
| error-code 0)
|
V acmePortGarageDoor.1.1 == open(2)
....some time, perhaps seconds, later....
|
G GetPDU(acmePortGarageDoor.1.1)
|
H ResponsePDU(error-index 0,
| error-code 0)
| acmePortGarageDoor.1.1 = closed(1)
V
The response to the GET request at time E will often confuse management
applications that assume the state of the object should be closed(1). In
reality, the garage door is somewhere between the states open and
closed.
Aother implementation may reasonably assume to return the unknown value
since it may detect that garage door is in neither open or closed state.
In both cases, the response is not what most would expect.
One solution to the above problem is to consider separating desired
(settable) state from current state. ifAdminStatus and ifOperStatus
from RFC 2863 provide such an example of the separation of objects into
desired and current state.
A second solution requires providing a more detailed state machine for
read-write object which can be done alone or in combination with a spe-
cific control object. In the example above the enumeration could be
expanded to include a full state machine with states for closing(3) and
opening(4) and possibly jammed(5).
A second way latency can be introduced in SET operations is the way an
agent interfaces to the instrumentation of the managed subsystem. This
latency is not the result of the time it takes to accomplish some opera-
tion as in the door example above. It comes from several potential
sources. First, the time it takes the operational code to accept the new
configuration information from the SNMP agent and process it and
'install' the commands in the system. An example of this is when config-
uration changes are made to a routing system that has a large routing
table and the configuration changes cause a re-computation of a large
number of routes. A second related source of delay in this context is
the 'naturalness' of the interface between the instrumentation in the
operational code and the sub-agent. In some cases the operational code
will have been written without an consideration of management other than
flat files. In these cases, the structures in the operational code may
Various Authors [Page 25]
�
RFC DRAFT Expires July 2001 March 2001
not be well suited to any sort of dynamic change and thus will be some-
what clunky and inefficient until re-written. This would be true regard-
less of the management technology used. In these conditions, the agent
software will have to adapt as well as possible, and the management
software should consider this latency (and cost) when making changes.
3.1.16. Application Error Reporting
MIB Module designers should not rely on the SNMP protocol error report-
ing mechanisms alone to report application layer error state for objects
that accept SET operations.
Most configuration applications provide poor error reporting when they
receive SNMP protocol errors. These protocol errors are important and
should be reported but they are not intended to provide application
layer information. That information should be 'built-in' to the design
the managed system just as well written code provides context specific
error information. In the case of SNMP, those error returns can be con-
veyed in MIB Objects.
When a "badValue" error occurs, an application can update the applica-
tion state so management application can collect, analyze and report the
failure. A badValue does not necessarily mean the command generator sent
bad data. An agent could be at fault. Additional detailed diagnostic
information may aid in debugging the integrated system.
As an example of tracking errors, consider the hrPrinterTable from the
HOST-RESOURCES-MIB, RFC 2790:
Various Authors [Page 26]
�
RFC DRAFT Expires July 2001 March 2001
hrPrinterDetectedErrorState OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This object represents any error conditions detected
by the printer. The error conditions are encoded as
bits in an octet string, with the following
definitions:
Condition Bit #
lowPaper 0
noPaper 1
lowToner 2
noToner 3
doorOpen 4
jammed 5
offline 6
serviceRequested 7
inputTrayMissing 8
outputTrayMissing 9
markerSupplyMissing 10
outputNearFull 11
outputFull 12
inputTrayEmpty 13
overduePreventMaint 14
Bits are numbered starting with the most significant
bit of the first byte being bit 0, the least
significant bit of the first byte being bit 7, the
most significant bit of the second byte being bit 8,
and so on. A one bit encodes that the condition was
detected, while a zero bit encodes that the condition
was not detected.
This object is useful for alerting an operator to
specific warning or error conditions that may occur,
especially those requiring human intervention."
::= { hrPrinterEntry 2 }
Notifications can also be used to signal configuration failures with
detailed failure information objects.
3.1.17. Designing Notifications
Notifications can play an important role in configuration. With SNMPv2c
and SNMPv3, informs allow the design of reliable, event-driven
Various Authors [Page 27]
�
RFC DRAFT Expires July 2001 March 2001
synchronization models that can aid configuration.
When designing new notifications, consider how to limit on the number of
notifications (traps or informs) that can be sent in response to a given
event. RMON I[30] defines a generic trap capability in the alarmTable
and provides one of many ways to prevent the quantity of notifications
from overwhelming a management system.
Another way to limit the volume of a particular notification it to
define situations where it need not be sent. A good example is the
frDLCIStatusChange defined in FRAME-RELAY-DTE-MIB, RFC 2115 [19].
frDLCIStatusChange NOTIFICATION-TYPE
OBJECTS { frCircuitState }
STATUS current
DESCRIPTION
"This trap indicates that the indicated Virtual Circuit
has changed state. It has either been created or
invalidated, or has toggled between the active and
inactive states. If, however, the reason for the state
change is due to the DLCMI going down, per-DLCI traps
should not be generated."
::= { frameRelayTraps 1 }
3.1.18. Control of Notification Subsystem
There are standards track MIB modules that define objects that either
augment or overlap control of notifications. For instance, FRAME-RELAY-
DTE-MIB RFC 2115 defines frTrapMaxRate and DOCS-CABLE-DEVICE-MIB defines
a set of objects in docsDevEvent that provide for rate limiting and fil-
tering of notifications.
In the past, agents did not have a standard means to configure a notifi-
cation generator. With the availability of SNMP-NOTIFICATION-MIB in
RFC 2573 it is recommended that the filtering functions of this MIB mod-
ule be used.
3.1.19. Transaction Control MIB Objects
When a standard MIB module is defined that includes configuration opera-
tions, thought should be given to providing transaction control objects
in places where they may have value. Here are some examples:
o Control objects that are the 'write' or 'commit' objects.
Such objects will cause all pending transactions (change MIB object
Various Authors [Page 28]
�
RFC DRAFT Expires July 2001 March 2001
values as a result of SET operations) to be committed to a perma-
nent repository or operational memory as defined by the semantics
of the MIB objects.
o Control objects at different levels of configuration granularity.
One of the decisions for a MIB module designer is what levels of
granularity that make sense. For example, in the routing area,
would changes be allowed on a per protocol basis only or by proto-
col area such as BGP? If allowed at the BGP level, are sub-levels
permitted such as per autonomous system? The design of these con-
trol objects will be impacted by the underlying software design.
RowStatus also has important relevance as a general transaction
control object.
3.1.20. MIB Modules and Instance Indexing
When defining new MIB modules, one should consider if there could ever
be multiple instances of this MIB module in a single SNMP entity.
There are a few MIB modules that assume a one to many relationship, such
as the SYSAPPL-MIB [RFC2287]. However, the majority of MIB modules
assume a one-to-one relationship between the objects found in the MIB
module and a given SNMP agent. The OSPF-MIB, IP-MIB, BRIDGE-MIB are all
examples that are defined for a single instance of the technology.
It is clear that single instancing of these MIB modules was not adequate
to support devices that support multiple instances of a given technol-
ogy.
While the ENTITY-MIB [RFC2737] can provide a means for supporting the
one-to-many relationship through naming scopes using the entLogi-
calTable. There are some drawbacks to this approach: 1) cannot issue
PDU request that span naming scopes
Given two instances of BRIDGE-MIB active in a
single agent, one PDU cannot contain a
request for dot1dBaseNumPorts from
both the first and second instances.
2) creates a dependency on the entity MIB itself
3.1.21. Use of special optional clauses
When defining integer based objects for both read-write and read-only
semantics, using the UNITS clause is recommended in addition to
Various Authors [Page 29]
�
RFC DRAFT Expires July 2001 March 2001
specification in the DESCRIPTION clause of any particular details.
The REFERENCE clause is also recommended to help an implementer track
down related information on a given object.
3.1.22. Conceptual Table Modification Practices
The RowStatus textual convention does not define when objects in a con-
ceptual row can be modified. In fact, it is often wrongly assumed that
objects:
1) either must all be presently set or none need be to make
a conceptual RowStatus object transition to active(1)
2) that objects in a conceptual row cannot be modified once
a RowStatus object is active(1).
When it is not clear as to when an object in a conceptual row is modifi-
able, it should be stated explicitly as in RMON-MIB [RFC2819]:
filterPktDataOffset OBJECT-TYPE
SYNTAX Integer32
UNITS "Octets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The offset from the beginning of each packet where
a match of packet data will be attempted. This offset
is measured from the point in the physical layer
packet after the framing bits, if any. For example,
in an Ethernet frame, this point is at the beginning of
the destination MAC address.
This object may not be modified if the associated
filterStatus object is equal to valid(1)."
DEFVAL { 0 }
::= { filterEntry 3 }
3.1.23. MIB Object and Practice Reuse
Experience has shown that MIB modules are easier to understand and sim-
pler to implement when common conventions are employed.
Often, MIB modules often define a binary state object such as
enable/disable or on/off. Best current practice is to use existing Tex-
tual Conventions and define the read-write object in terms of a Truth-
Value from SNMPv2-TC [RFC2579]. For example, the Q-BRIDGE-MIB [RFC2674]
defines :
Various Authors [Page 30]
�
RFC DRAFT Expires July 2001 March 2001
dot1dTrafficClassesEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value true(1) indicates that Traffic Classes are
enabled on this bridge. When false(2), the bridge
operates with a single priority level for all traffic."
DEFVAL { true }
::= { dot1dExtBase 2 }
4. IMPLEMENTING SNMP CONFIGURATION AGENT
4.1. Operational Consistency
Sucessful deployment of SNMP configuration depends on understanding the
roles MIB module design and agent design play.
Both components must have been designed with an understanding of how
UDP/IP based SNMP behaves. A best current practice in MIB design is to
consider the idempotency of settable objects. Idempotency basically
means being able to invoke the same set repeatedly with the effect of it
being felt only once.
Here is an eample of the idempotency in action:
Manager Agent
-------- ------
Set1 (Object A, Value B) ---> receives set ok and responds
X<-------- Response PDU(ok) is dropped by network
Manager times out
and sends again
Set2 (Object A, Value B) ---> receives set ok (does nothing), responds
<-------- with a Response PDU(ok) dropped by network
Manager receives OK
Had object A been defined in stateful way, the set operation may cause
Set2 operation to fail owing to interactions with the operation from
Set1. If the implementation of the agent on the second request is not
aware of such a situation, the agent may behave poorly by actually re-
implementing the set request instead of doing nothing.
Logic is needed at these boundaries to provide operational consistency.
1. Integration of management applications and
agents. The MIB document is a contract between these two
entities that defines their behavior.
Various Authors [Page 31]
�
RFC DRAFT Expires July 2001 March 2001
2. The agent and the instrumented subsystem. In some
cases the instrumented subsystem will require
modification to allow for the dynamic nature of
SNMP-based configuration, control and monitoring
operations. Agent implementors must also be sensitive to
the operational code and device approaches that minimize
the management impact on those operational elements.
4.2. Handling Multiple Managers
Devices are often modified by multiple management entities and with dif-
ferent management techniques. It is sometimes the case that an element
is managed by different organizations as is often the case when a device
sits between administrative domains.
There are a variety of approaches that management software can use to
ensure synchronization of information between the manager and the man-
aged elements.
A agent should report configuration changes set by different entities.
It should also distinguish configuration defined locally such as a
default or locally specified configuration made through an alternate
management interface like command line interface. When a change has been
made to the system via SNMP, CLI, or other method, a managed element
should send an inform to the manager(s) to which it has been assigned.
The managers should update there local configuration repositories. This
approach can also be an early warning of undesired configuration
changes.
Managers should also develop mechanisms to ensure that they are synchro-
nized with each other.
4.3. Designing MIB Modules for Multiple Managers
When designing a MIB Module for configuration, consider the following to
provide support for multiple managers.
The first consideration is to avoid any race conditions between two or
more authorized management applications issuing SET protocol operations
spanning over more than a single PDU.
The standard textual convention document [RFC2579] defines TestAndIncr,
often called a spinlock, which is used to avoid race conditions.
A MIB module designer may explicitly define a synchronization object of
syntax TestAndIncr or may choose to rely on snmpSetSerialNo (a global
Various Authors [Page 32]
�
RFC DRAFT Expires July 2001 March 2001
spinlock object) as defined in SNMPv2-MIB.
snmpSetSerialNo OBJECT-TYPE
SYNTAX TestAndIncr
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"An advisory lock used to allow several cooperating SNMPv2
entities, all acting in a manager role, to coordinate their
use of the SNMPv2 set operation.
This object is used for coarse-grain coordination. To
achieve fine-grain coordination, one or more similar objects
might be defined within each MIB group, as appropriate."
::= { snmpSet 1 }
Second, an agent should be able to report configuration as set by dif-
ferent entities as well as distinguish configuration defined locally
such as a default or locally specified configuration made through an
alternate management interfaces like a command line interface. The Own-
erString textual convention from RMON-MIB RFC 2819 [30] has been used
successfully for this purpose.
Experience has shown that usage of OwnerString to represent row owner-
ship can be a useful diagnostic tool as well. Specifically, the use of
the string "monitor" to identify configuration set by an agent/local
management has been useful in applications.
Third, consider whether there is a need for multiple managers to config-
ure the same set of tables. If so, an "OwnerString" may be used as the
first component of a table's index to allow VACM to be used to protect
access to subsets of rows per manager. RFC 2591 section 6 presents this
technique in detail.
4.4. Exposure of Row Object Modifiability
Once a RowStatus value is active(1) for a given row, the management
application should be able to determine the semantics are for making
additional changes to a row. RMON I MIB control table objects spell out
explicitly what managed objects in a row can and cannot be changed once
a given RowStatus goes active.
As described earlier, some operations take some time to complete. Some
systems also require that they remain in a particular state for some
period before moving to another. In some cases a change to one value may
require re-initialization of the system. In all of these cases, the
DESCRIPTION clause should contain information about requirements of the
managed system and special restrictions that managers should observed.
Various Authors [Page 33]
�
RFC DRAFT Expires July 2001 March 2001
Transferring large amounts of configuration data via SNMP can be effi-
ciently performed with several of the techniques described in this docu-
ment. The policy section of this document shows how a very small amount
of information can be conveyed to a system under policy control that
reduces the need to move large amounts of configuration data between a
manager and a managed system. A common practice used to move large
amounts of data that some vendors use involves using SNMP as a control
channel in combination with other protocols defined for transporting
bulk data. This approach is sub-optimal since it raises a number of
security and other concerns.
5. DESIGNING CONFIGURATION MANAGEMENT SOFTWARE
In this section, we describe practices that should be used when creating
and deploying management software that configures one or more systems
with SNMP. One function all configuration management software should
provide, regardless of the method used to convey configuration informa-
tion to the managed systems is backup, failover and and restoration. A
management system should have the following features:
1. A method for restoring a previous configuration to one or
more devices. Ideally this restoration should be time indexed
so that a network can be restored to a configured state as of
a specific time and date.
2. A method for saving back up versions of the configured date
in case of hardware or software failure.
3. A method of providing failover to a secondary (management)
system in case of a primary failure. This capability should be
deployed in such a way that it does not cause duplicate
polling.
These three capabilities are of course important for other types of man-
agement that are not the focus of this BCP.
5.1. SNMP Configuration Management Sofware
This section focuses on general issues related to the development of
SNMP based applications (command generators) that configure one or more
network elements. Special consideration is give to what has come to be
known as policy-based management with SNMP. Effective software for the
configuration of one or many network elements requires thoughtful design
before starting implementation. This is true regardless of the technol-
ogy used to represent and transfer the configuration information. Two
general guiding principles in management application design are:
Various Authors [Page 34]
�
RFC DRAFT Expires July 2001 March 2001
- Ensure minimum movement of data
- Transaction control should be synchronized with remote system
5.2. Protocol Operations
There are three basic areas to evaluate relevant to SNMP protocol opera-
tions and configuration:
o Set and configuration activation operations
o Notifications from the device
o Data retrieval and collection
The design of the system should not assume that the objects in a device
that represent configuration data will remain unchanged over time.
As standard MIB modules evolve and vendors add private extensions, the
specific configuration parameters for a given operation are likely to
change over time. Even in the case of a configuration application that
is designed for a single vendor, the management application should allow
for variability in the MIB objects that will be used to configure the
device for a particular purpose. The best method to accomplish this is
by separating as much as possible the operational semantics of a config-
uration operation from the actual data. One way that some applications
achieve this is by having the specific configuration objects that are
associated with a particular device be table driven rather than hard
coded. Ideally, management software should verify the support in the
devices it is intended to manage and report any unexpected deviations to
the operator. This approach is particularly valuable when developing
applications that are intended to support equipment or software from
multiple vendors.
5.3. SET Operations
Management software should adapt its SET operations to the type of
device and specific MIB objects included in the SET PDU. The specific
intent here is to attempt to move the configuration information as effi-
ciently to the managed device as possible. There are many ways to
achieve efficiency and some are specific to given devices. One general
case example that all management software should employ is to reduce the
number of SET PDU exchanges between the managed device and the manage-
ment software to the smallest reasonable number. One approach to this is
to verify the largest number of variable bindings that can fit into a
SET PDU for a managed device. In some cases, the number of variable
Various Authors [Page 35]
�
RFC DRAFT Expires July 2001 March 2001
bindings to be sent in a particular PDU will be influenced by the
device, the specific MIB objects and other factors.
Maximizing SET variable bindings within a PDU has beneficial implica-
tions in the area of management application transaction initiation, as
well, as we will discuss in the following section.
5.4. Configuration Transactions
There are several types of configuration transactions that can be sup-
ported by SNMP-based configuration applications. They include transac-
tions on a single table, transactions across several tables in a managed
device and transactions across many devices. The manager's ability to
support these different transactions is partly dependent on the design
of the MIB objects within the scope of the configuration operation.
To make use of any kind of transaction semantics effectively, SNMP man-
agement software must be aware of the information in the MIB modules
that it is to configure so that it can effectively utilize RowStatus
objects for the control of transactions on one or more tables. Such
software must also be aware of control tables that the device supports
that are used to control the status of one or more other tables.
To the greatest extent possible, the management application should pro-
vide the facility to support transactions across multiple devices. This
means that if a configuration operation is desired across multiple
devices, the manager can coordinate these configuration operations such
that they become active as close to simultaneously as possible.
Several practical means are present in the SNMP model to effect this
management application transactional support. One was mentioned in the
preceding section. A transactional effect is optimized when the maximum
number of SET variable bindings are conveyed in a single PDU processed
on the agent.
There is an important refinement to this, however, for sets of table row
data objects. The set of read-create row data objects for the table
should be set in a single PDU or set of PDUs, and the verification of
their successful set through the response to the Set PDU or the subse-
quent polling of the row data objects to verify their setting in the
desired state. Only at the point of that verification should the set on
the applicable RowStatus object(s), to set the rows to active, be done.
This is the only effective means of affording an opportunity for per-row
rollback, particularly when the configuration change is across table row
instances on multiple managed devices.
Various Authors [Page 36]
�
RFC DRAFT Expires July 2001 March 2001
5.5. Notifications
As described throughout the section on Agent Software Development,
agents should provide the capability for notifications to be sent to
their configured management systems whenever a configuration operation
is attempted or completed. The management application MUST be prepared
to accept these notifications so that it knows the current configured
state of the devices it has been deployed to control. Some configura-
tion management applications may consume data from the managed devices
that reflects configuration, operational and utilization state informa-
tion. The GetBulkRequest-PDU is useful here whenever supported by the
managed device. For the purposes of backward compatibility, the manage-
ment station should also support and make use of the GetNextRequest-PDU
in these cases.
Management systems should also provide configuration options with
defaults for users that tend to retrieve the smallest amount of data to
achieve the particular goal of the application.
5.6. Scale of the Management Software
Efficient data retrieval described above is only part of the dimension
of scale that application developers should consider when developing
configuration applications. Management applications should provide for
distributed processing of the configuration operations. This also
extends to other management functions not the focus of this document.
This capability can also be used to provide resilience in the case of
network failures as well. An SNMP-based configuration management system
might be deployed in a distributed fashion where three systems in dif-
ferent locations keep each other synchronized. This synchronization can
be accomplished without additional polling of network devices through a
variety of techniques between each of the three managers. In the case of
a failure, a 'backup' system can take over the configuration responsi-
bilities of the failed manager without having to re-synchronize with the
managed elements since it will already be up to date.
6. DEPLOYMENT AND SECURITY ISSUES
Data network devices are configured using many mechanisms, however two
methods remain the most common: SNMP and Command Line Interface (CLI).
Effective use of these mechanisms involves an operational methodology
for deploying changes to networks in a cautious and incremental manner
with well-documented procedures. The collective intent of these proce-
dures is to guarantee that a configuration change to the network has the
intended effect on the affected network elements. Here is one such
Various Authors [Page 37]
�
RFC DRAFT Expires July 2001 March 2001
procedural model in detail:
Network Scope Input Procedural Step Output
------------------ ----- --------------- ------
Lab isolated from (1) Stage configuration Verify reliability
main network change with test of config change
device set and
(SNMP action: interoperability
determine distribution with prior system
of CLI and SNMP versions and
set actions for backwards
configuration change) compatibility
with prior
configuration
(2) Plan noncritical/ Fall back strategy
off hour window in case of change
(SNMP action: none) failure
Segmented edge of (1),(2) (3) Apply change to CLI Verified device
main network of network segment accept of
network elements configuration
(SNMP action: none) change
(1),(3) (4) Observation of Verified device
devices/networks over and network
time after change stability, proper
(SNMP action: effect of changes
monitor status of
SNMP read-only objects
which are companions
to SNMP set objects
for configuration
change)
(4) (5) Save changes to Verify integrity
persistent storage of changes after
of devices device restart
(SNMP action: SET
on controls to move
running config to
restart/persistent)
Expanded network (1),(2),(5) (6) Deploy changes, Verification of
Various Authors [Page 38]
�
RFC DRAFT Expires July 2001 March 2001
segments, iterative using CLI and SNMP. safety from any
to complete network Keep prior unanticipated
configuration on some SNMP defaulting
devices to allow behavior in mixed
fallback in case environment
of failure
(SNMP action: SET
on SNMP objects
determined in (1))
(4),(6) (7) Continue to Checkpointed
observe devices and verification
network for of anticipated
behavioral/service behavior
anomalies
(SNMP action:
same as (4) across
devices of expanded
network)
(7) (8) Expand deployment Checkpointed
and iteration to (6) verification
as called for of anticipated
(SNMP action: behavior
same as (6) across
expanded network)
Network revision (8) Update archived Change deployment
control system configurations, complete.
change log.
(SNMP action: none)
Procedures such as those above bring about a form of operational trans-
actionality, which works alongside (and employs) SNMP transactionality
as outlined in [SNMPTRANS]. The key goals throughout are
o Transactionality of configuration change deployment
o Persistence of configuration change which can be verified for
resulting stability, convergence, and realization of intended
effect of change.
Considerations for bringing about this verification are discussed
in the following section.
Various Authors [Page 39]
�
RFC DRAFT Expires July 2001 March 2001
6.1. Basic assumptions about Configuration
The following basic assumptions are made about real world configuration
models.
One, operations must understand and must be trained in the operation of
a given technology. No configuration system can prevent an untrained
operator from causing outages due to misconfiguration.
Two, systems undergoing configuration changes must be able to cope with
unexpected loss of communication at any time.
Network elements in conjunction with the configuration mechanism must
take appropriate measures to leave the configuration in a consis-
tent/recognizable state by either rolling back to a previously valid
state or changing to a well-defined or default state.
Three, configuration exists on a scale from relatively unchanging speci-
fications to high volume, high rate of configuration changes. The former
is often referred to as "set and forget" and the later "near real-time
change control." Design of configuration management must take into
account the rate and volume of change expected in a given configuration
subsystem.
6.2. Secure Agent Considerations
Vendors should not ship a device with a community string 'public' or
'private', and agents should not define default community strings except
where to bootstrap devices that do not have secondary management inter-
faces. Defaults lead to security issues, that have been recognized and
exploited. When using SNMPv1, supporting read-only community strings is
a common practice.
6.3. Authentication Traps
The default state of RFC 1215 [4] Authentication traps should be off.
In the "Notification" section of this document's discussion on MIB agent
design, issues and recommendations on throttling traps were raised.
Where notifications are sent in SNMPv1 trap PDUs, unsolicited packets to
a device can causes one ore more trap PDUs to be created and sent to
management stations. If these traps flow on shared access media and
links, the community string from the trap may be gleaned and exploited
to gain access to the device.
Various Authors [Page 40]
�
RFC DRAFT Expires July 2001 March 2001
6.4. Sensitive Information Handling
Some MIB modules contain objects that may contain data for keys, pass-
words and other such sensitive information and hence must be protected
from unauthorized access.
The DESCRIPTION clause for these and their defining MIB RFC Security
Considerations section should make it clear how and why these specific
objects are sensitive and that a user should only make them accessible
for encrypted SNMP access. Vendors should also throughly document senti-
tive objects in a similar fashion.
As noted in the section on Designing Configuration Objects, when writing
standards track MIB modules, one must implement those objects that part
are of the various standards-track specifications. Confidentiality is
not a must implement portion of the SNMPv3 management framework [11].
Prior to SNMPv3, providing customized views of MIB module data was dif-
ficult. This led to objects being defined such as the following.
docsDevNmAccessEntry OBJECT-TYPE
SYNTAX DocsDevNmAccessEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry describing access to SNMP objects by a
particular network management station. An entry in
this table is not readable unless the management station
has read-write permission (either implicit if the table
is empty, or explicit through an entry in this table.
Entries are ordered by docsDevNmAccessIndex. The first
matching entry (e.g. matching IP address and community
string) is used to derive access."
INDEX { docsDevNmAccessIndex }
::= { docsDevNmAccessTable 1 }
Organize your objects into groups such that VACM views can be defined to
properly scope what tables are visible to a given user and view. See the
prior section "Naming MIB modules and Managed Objects "
7. POLICY BASED MANAGEMENT
Policy based management with SNMP is a new concept. This section gives
background to and defines terms that are relevant to this field and
describes some deployment approaches.
Various Authors [Page 41]
�
RFC DRAFT Expires July 2001 March 2001
7.1. Organization of Data in an SNMP-Based Policy System
The number of configurable parameters and 'instances' such as interfaces
on network devices have increased as equipment has become larger and
more complex. At the same time there is a need to configure many of
these systems to operate in a coordinated fashion to deliver specialized
services that are valued by customers. These include the delivery of
virtual private networks and connections that guarantee specific service
levels.
This is an essential consideration both for the organization of configu-
ration data and for the efficient transfer of the per-element configura-
tion data to the management agent. As an example, a Bridge MIB [22]
agent which represents a massively sized VLAN across an administrative
domain could have some 65,000 (virtual) port entries. Configuring such
a VLAN would require the establishment of To configure such a VLAN, it
would require the establishment of dot1dStpPortTable and dot1DStat-
icTable entries for each such virtual port. Values for these aggregate
row entries should ideally be representable in a form which aggregates
the requirement for any individual SNMP sets to establish the columns
and rows for the port. Of equal importance for scalable operation, the
management environment should allow the iteration across the table for
row and column creation for each such port to be done on the agent,
rather than requiring the round trip of a PDU and response for each.
The way that configuration has been accomplished to now is with file
transfer, by setting individual MIB objects, or with many CLI commands.
This can work for a few machines configured by experts, but there is a
desire for a more scalable solution. Policy based management abstracts
the details above the instance level which means that fewer SET requests
are sent to a managed device.
Realization of such a policy-driven system requires agent capabilities
to interpret the management policy data and to execute its logical con-
figuration on the managed element. An environment with such capabili-
ties is described in [31]. For the purposes of the discussion here, we
shall focus on terms and concepts relevant to the application of arbi-
trary policy-based configuration supporting the criteria just discussed.
7.2. Layering
For this discussion, we will create a MIB Module called the Building
Heating Ventilation and Air Conditioning (HVAC) MIB Module as a way of
describing terms new to policy-based configuration management with SNMP.
Instance-Specific
Various Authors [Page 42]
�
RFC DRAFT Expires July 2001 March 2001
Instance-specific information refers to parameter values that have been
associated with a specific instance in a managed element. One example
would be the number of octets that were received over a particular
interface, ifInOctets. In our example MIB Module, we will have fan and
temperature settings for every control panel in the building. Imagine
how many there would be in a 50-story office building or multi-acre
office park. Network operators have the same problem, only with parame-
ters for many routers and interfaces that they contain which have an
ever-increasing number of values that must be configured to deliver spe-
cialized services such as Differentiated Services.
Implementation-Specific
Implementation-specific details are those parameters that a particular
vendor might use in an implementation that augment a standard set of
mechanism-specific parameters. Vendors often add special capabilities
to basic mechanisms as a way of meeting special customer requirements or
differentiating themselves from their competitors.
These special capabilities are often a result of the implementation
approach that a vendor has used for the product, thus the term "imple-
mentation-specific". For example, if a router vendor implemented a par-
ticular routing protocol, they might have mechanism-specific parameters
that control the behavior of that protocol implementation. In our HVAC
example, some vendors might extend the standard to include features that
distinguish their products from their competition. In our example MIB
module, the system is a sophisticated one and allows for the control of
the humidity, which is not part of the HVAC Standard MIB Module.
Mechanism-Specific
Mechanisms are technologies defined in standards that are used within a
particular domain (see domain description below). For example, in the
area (domain) of routing, BGP is a mechanism that is used that has many
parameters, including time-out values, that control the behavior of
routers in a BGP environment. Policy descriptions that include the
details associated with a particular mechanism are said to be mechanism-
specific. In our HVAC example, we have several mechanisms that are used
in the standard MIB module to control how fast a fan is to turn and what
position a switch is to be in for heating or cooling.
Domain-Specific
A domain is a general area of technology such as service quality or
security, or HVAC. Services, or service level agreements, may span sev-
eral domains, each of them potentially including many policies. To con-
tinue the building analogy, there might also be a lighting domain with
many mechanisms that control different aspects of the light. Both the
Various Authors [Page 43]
�
RFC DRAFT Expires July 2001 March 2001
lighting and the HVAC domains would be used in the lease the tenant
signs with the landlord in which the landlord promises to keep things
cool in the summer, warm in the winter and light at night. As a practi-
cal matter, people will not discuss these domains in the abstract. They
will most often be discussed with technology or application-specific
examples. Examples of technical domains include IPSec and Differentiated
Services. In our example MIB module we are describing information in the
HVAC (heating, ventilation, and air conditioning domain).
7.3. Information Related to Policy Configuration
In order for effective policy management to take place, a range of
information about the network elements is needed to avoid making poor
policy decisions. Even in those cases where policy-based configuration
is not in use, much of the information described in this section can be
a useful input to the decision-making process about what type of config-
uration operations to do.
For this discussion it is important to make distinctions between distri-
bution of policy to a system, activation of a policy in a system, and
changes/failures that take place during the time it is expected to be
active. For example, if an interface is down that is included in a pol-
icy that is distributed, there may not be an error since the policy may
not be scheduled for activation until a later time. On the other hand if
a policy is distributed and applied to an interface that should be oper-
ational and it is not, clearly this is a problem. With this as back-
ground, here are some areas to consider that are important to making
good policy configuration decisions and establishing when a policy has
'failed'.
o The operational state of network elements that are to be config-
ured.
In particular, care should be taken to determine if the sub compo-
nents to be configured are available for use. In some cases the
elements may not be available. The policy configuration software
should determine if this is a prerequisite to policy down-load or
if the condition is acceptable. In those cases where policy is dis-
tributed when the sub component such as an interface or disk is not
available, the managed system should send a notification to the
designated management station when the policy is to become active
if the resource is still not available.
o The capabilities of the devices in the network.
Various Authors [Page 44]
�
RFC DRAFT Expires July 2001 March 2001
A capability can be almost any unit of work a network element can
perform. These include, routing protocols supported, Web Server and
OS versions, queuing mechanisms supported on each interface that
can be used to support different qualities of service, and many
others. this information can be obtained from the capabilities
table of the Policy MIB module.
o The capacity of the devices to perform the desired work.
Capability is an ability to perform the desired work while a capac-
ity is a measure of how much of that capability the system has. The
policy configuration application should, wherever possible, evalu-
ate the capacity of the network element to perform the work identi-
fied by the policy. In some systems it will not be possible to
directly obtain the capacity of the managed elements to perform the
desired work, even though it may be possible to monitor the amount
of work the element performs. In these cases, the management appli-
cation may benefit from pre-configured information about the capac-
ity of different network elements so that evaluations of the
resources available can be made before distributing new policies.
Utilization refers to how much capacity for a particular capability
has been consumed. For devices that have been under policy configu-
ration control for any period of time, a certain percentage of the
available capacity of the managed elements will be used. Policies
should not be distributed to systems that do not have the resources
to carry out the policy for a reasonable period of time.
7.4. Policy, Mechanism/Implementation and Instance Specific Modules
A conformant agent could implement the policy module without any mecha-
nism or implementation-specific modules. For complicated configuration
areas such as Differentiated Services, Web servers, routing protocols,
etc., mechanism and frequently implementation-specific MIB modules will
be required.
If a vendor implements a standard set of instance-specific MIB objects
and an RFC has not yet been defined for a mechanism-specific set of
objects to control the policy based configuration of these instance-spe-
cific objects, the vendor should create such a module allowing for the
fact that an RFC might be issued later for the mechanism-specific mod-
ule. To the extent a vendor creates instance- specific extensions to
standard instance-specific MIB modules, they should also create imple-
mentation-specific MIB modules if the intend the box to be configured
with policy-based management. Many vendors create proprietary functions
and the instrumentation to manage them. To enable these features to be
integrated into an SNMP-based policy management system, both instance
Various Authors [Page 45]
�
RFC DRAFT Expires July 2001 March 2001
and implementation-specific MIB objects should be created.
7.5. Schedule and Time Issues
This section applies equally to systems that are not policy based as
well as policy-based systems, since configuration operations often need
to be synchronized across time zones. Wherever possible, the network
elements should support time information that includes local time zone
information. Some deployed systems do not store complex notions of local
time and thus may not be able to properly process policy directives that
contain time zone relevant data. For this reason, policy management
applications should have the ability to ascertain the time keeping abil-
ities of the managed system and make adjustments to the policy for those
systems that are time-zone challenged.
7.6. Conflict Detection, Resolution and Error Reporting
For many systems, sophisticated conflict detection and resolution is not
realistically achievable in the short-term. Using a hierarchical
approach to this problem can achieve significant benefits. Each 'layer'
policy management system should be able to check for some errors and
report them. This is conceptually identical to programs raising and
exception and passing that information on to software that can do some-
thing meaningful with it.
The responsibilities for each layer are: Instance-specific: Conflict
detection has been performed in a limited way for some time in software
that realizes instance- specific MIB objects. This detection is indepen-
dent of policy. The types of 'conflicts' usually evaluated are for
resource availability and validity of the set operations. In a policy
enabled system, there are no additional requirements for this software
assuming that good error detection and reporting appropriate to this
level have already been implemented.
Mechanism and implementation-specific: For software that realizes mecha-
nism and/or implementation-specific objects, failures should be reported
such that the specific policy that has been impacted can be related with
the specific element that failed. Beyond this basic reporting which is
does not perform any policy conflict detection, there are no require-
ments. See the Policy MIB Module document for additional information on
policy precedence and conflict detection.
Changes to configuration outside of the policy system:
A goal of SNMP-based policy management is to coexist with other forms of
management software have historically been instance based management.
Various Authors [Page 46]
�
RFC DRAFT Expires July 2001 March 2001
The best example is command line interface. Here are some guidelines for
handling these changes.
A notification should be sent whenever an out of policy control change
is made to an element that is under the control of policy. This notifi-
cation should include the policy that was changed, the instance of the
element that was changed and the object and value that it was changed
to.
An element under the control of policy that has been changed remains a
member of the policy group until the attributes in the Role table that
caused it to match the policy in the first place are modified. An ele-
ment that has been modified by a an out of policy mechanism, while
remaining a member of the policy does not get overridden by a policy
until its value is made the same as the extant policy with the highest
precedence for this element, and by implication then returned to policy
control. A notification should be sent when this action is taken.
7.7. Notifications in a Policy System
Notifications can be useful in determining a failure of a policy as a
result of an error in the policy or element(s) under policy control. As
with all notifications, they should be defined and controlled in such a
way that they do not add to a problem by sending more than are helpful
over a specific period of time. For example if a policy is controlling
1,000 interfaces and it fails, one notification rather than 1,000 may be
the better approach. In addition, such notifications should be defined
to include as much information as possible to aid in problem resolution.
7.8. Using Policy to Move Large Amounts of Data
One of the advantages of policy-based configuration with SNMP is that
many configuration operations can be conveyed with a small amount of
data. Changing a single configuration parameter for each of 100 inter-
faces on a system might require 100 CLI commands or 100 SNMP variable
bindings using conventional techniques.
Using policy-based configuration with SNMP, a single SET PDU can be sent
with the policy information necessary to apply a configuration change to
100 similar interfaces. This efficiency gain is the result of eliminat-
ing the need to send the value for each instance to be configured. The
'default' for each of the instances included in the policy is sent and
the rule for selection of the instances that the default is to be
applied can also be carried (see the Policy MIB Module).
To extend the example above, let's say that there are 10 parameters that
Various Authors [Page 47]
�
RFC DRAFT Expires July 2001 March 2001
need to change. Using conventional techniques, there would now be 1,000
variable bindings, one for each instance of each new value for each
interface. Using policy-based configuration with SNMP, it is still
likely that all the information can be conveyed in one SET PDU. The only
difference in this case is that there are ten parameters sent that will
be the 'template' used to create instances on the managed interfaces.
This efficiency gain not only applies to SET operations, but also to
those management operations that require configuration information.
Since the policy is also held in the pmPolicyTable, and entire policy
that potentially controls hundreds of rows of information can be
retrieved in a single GET request.
8. EXAMPLE MIB MODULE FOR POLICY-BASED MANAGEMENT
In this section, we define a 'standard' MIB Module that controls the
heating and air conditioning for a large building. This module contains
both configuration and counter objects that allow operators to see how
much cooling or heating a particular configuration has consumed. A pol-
icy table that represents the configuration information at a mechanism
specific level is also included. This table in combination with the pol-
icy MIB Module will allow operators to configure many rooms all at once,
change the configuration parameters based on time of day, and make a
number of other sophisticated decisions based on policy.
In this section, a vendor specific extension to 'standard' HVAC module
is also included to show how one would extend a standard with vendor
specific extensions and include those extensions in an SNMP-based policy
management system.
The design approach taken for policy configuration of this MIB module
that could be used for other similar MIB modules is to avoid redundant
or similar managed objects. In this case, this means using the objects
defined in the instance specific table to create templates, used to con-
figure one or more instances.
When multiple managed objects represent a single instance a template can
be used to active a complete configuration on the instance. The managed
objects used to represent the parameters of a managed instance will be
used for the provisioning of the configuration template.
The concept presented consists of three design steps:
Step 1: Design the managed objects for the instance level.
This is required in order to have the most accurate
representation of your managed device or application.
Various Authors [Page 48]
�
RFC DRAFT Expires July 2001 March 2001
These managed objects (for the example MIB module)
are:
bldgHVACFloor
bldgHVACOffice
bldgHVACOffType
bldgHVACHeatOrCool
bldgHVACFanSpeed
bldgHVACDesiredTemp
bldgHVACCurrentTemp
bldgHVACCoolOrHeatMins
Step 2: Separate the actual binding to the instance from the managed
objects.
The split of the managed objects (for the example MIB module)
would be:
- instance specific
bldgHVACFloor
bldgHVACOffice
bldgHVACButtonsPointer
- parameters
bldgHVACIndex -- a unique index needs to be added
bldgHVACOffType
bldgHVACHeatOrCool
bldgHVACFanSpeed
bldgHVACDesiredTemp
bldgHVACCurrentTemp
bldgHVACCoolOrHeatMins
bldgHVACOwner
bldgHVACStatus
Step 3: Define a binding between a template and the managed objects
representing the device. An extra table from which the
configuration template a defined needs to be added. Due to
the separation in step 2 we do not need to defined, since
we reuse the managed objects representing the parameters.
The following managed objects (for the example MIB module)
will be added.
bldgHVACPolicyId
bldgHVACPolicyDescr
bldgHVACPolicyConfiguration
bldgHVACPolicyOwner
bldgHVACPolicyStatus
BLDG-HVAC-MIB DEFINITIONS ::= BEGIN
IMPORTS
Various Authors [Page 49]
�
RFC DRAFT Expires July 2001 March 2001
-- NOTIFICATION-TYPE,
MODULE-IDENTITY, OBJECT-IDENTITY, Counter32,
Gauge32, OBJECT-TYPE, Integer32, experimental
FROM SNMPv2-SMI
-- MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
-- FROM SNMPv2-CONF
TEXTUAL-CONVENTION,
RowStatus, RowPointer
FROM SNMPv2-TC
OwnerString
FROM RMON-MIB
SnmpAdminString
FROM SNMP-FRAMEWORK-MIB;
bldgHVACMIB MODULE-IDENTITY
LAST-UPDATED "200007090000Z"
ORGANIZATION "SNMPCONF working group"
CONTACT-INFO
"www.ietf.org"
DESCRIPTION
"This example MIB module defines a set of standard
management objects for heating ventilation and air
conditioning systems. It also includes a simple table
that can be used to create policies that are applied to
rooms based on a schedule."
REVISION "200101040900Z"
DESCRIPTION
"Initial version of BLDG-HVAC-MIB."
::= { experimental XXX }
--
-- Top level delegations
--
bldgHVACObjects OBJECT-IDENTITY
STATUS current
DESCRIPTION
"Objects that configure and monitor HVAC in a building."
::= { bldgHVACMIB 1 }
--
-- Textual Conventions
--
Various Authors [Page 50]
�
RFC DRAFT Expires July 2001 March 2001
HvacOperation ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Operations supported by a Heating and cooling system.
A reference to underlying general systems would go here."
SYNTAX INTEGER {
heat(1),
cool(2)
}
--
-- HVAC Objects Group
--
bldgHVACTable OBJECT-TYPE
SYNTAX SEQUENCE OF BldgHVACEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This simple table is an example of objects that are at the
instance level of specificity. That is, they are indexed by a
specific floor and office number. The configuration
parameters and counters are for a specific location,
but these are defined with a 'bldgHVACButtonsTable'."
::= { bldgHVACObjects 1 }
bldgHVACEntry OBJECT-TYPE
SYNTAX BldgHVACEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row represents a particular room, the desired HVAC
settings and usage information for that location since this
setting was initialized."
INDEX { bldgHVACFloor, bldgHVACOffice }
::= { bldgHVACTable 1 }
BldgHVACEntry ::= SEQUENCE {
bldgHVACFloor Integer32,
bldgHVACOffice Integer32,
bldgHVACButtons RowPointer
Various Authors [Page 51]
�
RFC DRAFT Expires July 2001 March 2001
}
bldgHVACFloor OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This portion of the index indicates the floor of the
building."
::= { bldgHVACEntry 1 }
bldgHVACOffice OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This second component of the index that specifies the office
number."
::= { bldgHVACEntry 2 }
bldgHVACButtons OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The pointer to an entry in the 'bldgHVACButtonsTable'.
The entry pointed to is a pre-made configuration that
represents the description of the bldgHVACPolicyDescr
object."
::= { bldgHVACEntry 3 }
bldgHVACButtonTable OBJECT-TYPE
SYNTAX SEQUENCE OF BldgHVACEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This simple table is an example of objects that are at the
Various Authors [Page 52]
�
RFC DRAFT Expires July 2001 March 2001
instance level of specificity. That is, they are indexed by a
specific floor and office number. The configuration
parameters and counters are for a specific location,
but these are defined with a 'bldgHVACButtonTable'."
::= { bldgHVACObjects 2 }
bldgHVACButtonEntry OBJECT-TYPE
SYNTAX BldgHVACButtonEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row represents a particular room, the desired HVAC
settings and usage information for that location since this
setting was initialized."
INDEX { bldgHVACFloor, bldgHVACOffice }
::= { bldgHVACButtonTable 1 }
BldgHVACButtonEntry ::= SEQUENCE {
bldgHVACButtonIndex Integer32,
bldgHVACOffType INTEGER,
bldgHVACHeatOrCool INTEGER,
bldgHVACFanSpeed Gauge32,
bldgHVACDesiredTemp Gauge32,
bldgHVACCurrentTemp Gauge32,
bldgHVACCoolOrHeatMins Counter32,
bldgHVACOwner OwnerString,
bldgHVACStatus RowStatus
}
bldgHVACButtonIndex OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"An index that uniquely defines a set of buttons to be used
floor heating."
::= { bldgHVACButtonEntry 1 }
bldgHVACHeatOrCool OBJECT-TYPE
SYNTAX HvacOperation
Various Authors [Page 53]
�
RFC DRAFT Expires July 2001 March 2001
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This controls the heating and cooling mechanism and is
set-able by building maintenance."
::= { bldgHVACButtonEntry 2 }
bldgHVACFanSpeed OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Shows the revolutions per minute of the fan. Fan speed will
vary based on the difference between bldgHVACDesiredTemp and
bldgHVACurrentTemp."
::= { bldgHVACButtonEntry 3 }
bldgHVACDesiredTemp OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This is the desired temperature setting. It might be changed
at different times of the day or based on seasonal
conditions. This is a good candidate parameter for control by
policy."
::= { bldgHVACButtonEntry 4 }
bldgHVACCurrentTemp OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The current measured temperature in the office."
::= { bldgHVACButtonEntry 5 }
bldgHVACCoolOrHeatMins OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
Various Authors [Page 54]
�
RFC DRAFT Expires July 2001 March 2001
DESCRIPTION
"The total number of heating or cooling minutes that have
been consumed since the row was activated."
::= { bldgHVACEntry 6 }
bldgHVACOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identity of the operator/system that last modified this
entry."
::= { bldgHVACEntry 7 }
bldgHVACStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this row. This is a good example of latency
discussed earlier in this document. A row may be activated
with a particular temperature setting but it may take some
time before the current temperature is made equal to the
desired temperature. This time lag can even be effected by
where the sensor is in the office."
::= { bldgHVACEntry 8 }
--
-- The Policy Table to specify Mechanism-specific Parameters
--
bldgHVACPolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF BldgHVACPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
Various Authors [Page 55]
�
RFC DRAFT Expires July 2001 March 2001
"This table can be used to set policy defaults that will be
placed on the specific offices that match the
pmPolicyFilter. See the policy MIB Module for more
information."
::= { bldgHVACObjects 3 }
bldgHVACPolicyEntry OBJECT-TYPE
SYNTAX BldgHVACPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row represents a single set of policy parameters that
can be applied to selected instances - in this case offices.
These policies will be turned on and off by the policy module
through its scheduling facilities."
INDEX { bldgHVACPolicyId }
::= { bldgHVACPolicyTable 1 }
BldgHVACPolicyEntry ::= SEQUENCE {
bldgHVACPolicyId Integer32,
bldgHVACPolicyDescr SnmpAdminString,
bldgHVACPolicyConfiguration RowPointer,
bldgHVACPolicyOwner OwnerString,
bldgHVACPolicyStatus RowStatus
}
bldgHVACPolicyId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A unique value for each defined policy in this table. This
value be be pointed to from the Policy MIB Module."
::= { bldgHVACPolicyEntry 1 }
bldgHVACPolicyDescr OBJECT-TYPE
SYNTAX SnmpAdminString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
Various Authors [Page 56]
�
RFC DRAFT Expires July 2001 March 2001
"A human readable textual convention for this HVAC
policy."
::= { bldgHVACPolicyEntry 2 }
bldgHVACPolicyConfiguration OBJECT-TYPE
SYNTAX RowPointer
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The pointer to a configuration template for floor
heating. This is a pointer to a specific row in
thebldgHVACButtonTable."
::= { bldgHVACPolicyEntry 3 }
bldgHVACPolicyOwner OBJECT-TYPE
SYNTAX OwnerString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The identity that created this row of the table."
::= { bldgHVACPolicyEntry 5 }
bldgHVACPolicyStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The status of this row of the table."
::= { bldgHVACPolicyEntry 6 }
END
Implementation and Instance Extensions:
Just as with networking technologies, vendors may wish to add extensions
that can distinguish their products from the competition. If an HVAC
vendor also wanted to support humidity control, they could add that
Various Authors [Page 57]
�
RFC DRAFT Expires July 2001 March 2001
facility to their equipment and use AUGMENTS for the bldgHVACPolicyTable
with two objects, one that indicates the desired humidity and the other,
the actual. The bldgHVACPolicyTable could also be extended using this
same approach so that HVAC policies could easily be extended to support
this vendor.
9. GLOSSARY
Command Line Interface (CLI)
A means of interface to a configuration and management system for net-
work elements which involves a textual request/reply interface over a
terminal transport. In the province of data networking, there is no
standardized form of CLI, and hence a CLI is invariably specific to a
vendor implementation.
community string
A SNMP Version 1 access control mechanism. Logically, a community is a
simple string which associates some number of SNMP application entities,
and allows an agent to make access control decision on access requests
to given MIB objects and OID subtrees.
Device-Local Configuration
Device-local configuration data is specific to a particular network
device. This is the finest level of granularity for configuring network
devices.
Differentiated Services
A means of defining enterprise or cross-enterprise packet transmission
requirements for purposes of realizing service levels or other traffic
engineering requirements. As has been developed by the IETF, Differen-
tiated Services is realized by fields in IP packet headers and an
implied contract between cooperating packet processing nodes as to the
significance of certain values for those fields (in a traffic engineer-
ing sense).
Domain-specific
A term for a scope of configuration data, broad enough to encompass an
entire area of technology or generalized problem statement to which the
configuration activity is applied. Examples might include "routing",
"secure IP", or "layer 3 routing".
Various Authors [Page 58]
�
RFC DRAFT Expires July 2001 March 2001
Fate Sharing
A principle of Internet protocol resources and management data units
which specifies that there is an inherent unification between the state
of a relationship (for example, between two related table rows). If the
relationship between them becomes inoperable or invalidated, there will
be a predictable behavior for the removal of the relationship (and pos-
sibly, one or both of its parties in their entirety).
Implementation-specific
A term for a scope of configuration data, encompassing a technology or
feature set pertinent to the technologies or feature sets specific to a
vendor's implementation of the more generalized features constrained by
domain-specific or mechanism-specific containment.
Instance-specific
A term for a scope of configuration data, constrained to encompass all
parametric values as defined by the deployment of domain, mechanism, and
implementation specific containment, but further qualified with data
specific to a specific managed element or group of managed elements.
Instance-specific configuration data requires no further decomposition
for deployment from a network management software application perspec-
tive.
MIB module
The SNMP Management information is viewed as a collection of managed
objects, residing in a virtual information store, termed the Management
Information Base (MIB). Collections of related objects, collectively
defined by the IETF or management administrative enterprises, are
defined in MIB modules. These MIB modules are logical subsets of the
total MIB data exposed by a running SNMP agent.
Network-Wide Configuration
Network-wide configuration data is not specific to any particular net-
work device and from which multiple device-local configurations can be
derived. Network-wide configuration provides a level of abstraction
above device-local configurations.
Octet string
A management data type, defined in the SMI, which denotes interpretation
as arbitrary binary or textual data.
OwnerString
Various Authors [Page 59]
�
RFC DRAFT Expires July 2001 March 2001
A textual convention, first defined in the RMON MIB, providing an infor-
mal means of access control over a resource. As specified in the TC
definition, an object instance of this type is specified on a table row
which is likely to be under incremental creation or update. The Owner-
String generally defines the IP address or other identifier for the cre-
ator of a row and hence the party using its resources.
Persistence
A property of management data that defines its permanence. Specifi-
cally, for the purposes of this document, persistence defines whether a
change in configuration on a managed element will have that change
reflected across power cycles (and associated operational configuration
data store re-initialization) of the managed element.
Policy-based configuration
Policy-based configuration is the practice of applying management opera-
tions for collective configuration action on managed objects that share
certain rule-based attributes.
RMON (remote monitoring)
The Remote Monitoring MIB module, defined in [30], contains a number of
objects and notification facilities useful in direct and delegated man-
agement of remote network devices. It contains a number of configurable
table rows to define targets managed elements for remote packet process-
ing analysis and thresholds for notification generation.
SMI
The Structure of Managed Information is the definition of a subset of
ASN.1 and the administrative values which constrain the expression and
encoding of data within the SNMP MIB and its modular extensions.
SNMP
The Simple Network Management Protocol. This comprises the Internet
Standard Management Framework.
textual convention (TC)
Textual conventions refer to new types defined for specific purposes
within SMI-compliant MIB modules. Textual conventions are defined using
an ASN.1 macro (TEXTUAL-CONVENTION), and synthesize new types with syn-
tactic similarity but greater semantic precision than the native SMI
types the textual conventions derive from.
Various Authors [Page 60]
�
RFC DRAFT Expires July 2001 March 2001
Time-indexed
For this document, this refers to data (and in particular, data describ-
ing events of configuration set or notification), which is tagged with
the agent or management station time of event occurrence. This is often
used in SNMP management systems to correlate events over an elapsed
indexed time sequence with each other for purposes of transactional
grouping.
TimeStamp
A textual convention containing a managed element sysUpTime value, gen-
erally to reflect the element-relative time of the occurrence of a given
associated event.
Transaction
A finite group of changes that taken as a whole can be applied or rolled
back in one operation. For example, a single SNMP SET PDU represents a
transaction for which the state before the set is returned should any
individual element in the variable-bindings list fail to be applied thus
returning the device to exactly the same state before the SET was exe-
cuted.
variable binding (VarBind)
Within a SNMP PDU, a VarBind is an in-PDU pairing of the identifier for
the instance of managed data with that instance's value.
10. ACKNOWLEDGEMENTS
This document was produced by the SNMPCONF Working Group:
Christopher Anderson
Andy Bierman
Dr Jeffrey Case
Chris Elliott
Joel Halpern
Pablo Halpern
Wes Hardaker
David Harrington
Harrie Hazewinkel
Art Mellor
David Partain
Randy Preshun
Dan Romanescu
Shawn Routhier
Robin Whitworth
Various Authors [Page 61]
�
RFC DRAFT Expires July 2001 March 2001
11. REFERENCES
[1] Harrington, D., Presuhn, R., and B. Wijnen, "An Architecture for
Describing SNMP Management Frameworks", RFC 2571, April 1999.
[2] Rose, M., and K. McCloghrie, "Structure and Identification of
Management Information for TCP/IP-based Internets", STD 16, RFC
1155, May 1990.
[3] Rose, M., and K. McCloghrie, "Concise MIB Definitions", STD 16, RFC
1212, March 1991.
[4] Rose, M., "A Convention for Defining Traps for use with the SNMP",
RFC 1215, March 1991.
[5] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Structure of Management Information Version 2
(SMIv2)", STD 58, RFC 2578, April 1999.
[6] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Textual Conventions for SMIv2", STD 58, RFC
2579, April 1999.
[7] McCloghrie, K., Perkins, D., Schoenwaelder, J., Case, J., Rose, M.,
and S. Waldbusser, "Conformance Statements for SMIv2", STD 58, RFC
2580, April 1999.
[8] Case, J., Fedor, M., Schoffstall, M., and J. Davin, "Simple Network
Management Protocol", STD 15, RFC 1157, May 1990.
[9] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Introduc-
tion to Community-based SNMPv2", RFC 1901, January 1996.
[10] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Transport
Mappings for Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1906, January 1996.
[11] Case, J., Harrington D., Presuhn R., and B. Wijnen, "Message
Processing and Dispatching for the Simple Network Management Proto-
col (SNMP)", RFC 2572, April 1999.
[12] Blumenthal, U., and B. Wijnen, "User-based Security Model (USM) for
version 3 of the Simple Network Management Protocol (SNMPv3)", RFC
Various Authors [Page 62]
�
RFC DRAFT Expires July 2001 March 2001
2574, April 1999.
[13] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, "Protocol
Operations for Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC 1905, January 1996.
[14] Levi, D., Meyer, P., and B. Stewart, "SNMPv3 Applications", RFC
2573, April 1999.
[15] Wijnen, B., Presuhn, R., and K. McCloghrie, "View-based Access Con-
trol Model (VACM) for the Simple Network Management Protocol (SNMP)",
RFC 2575, April 1999.
[16] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser, q(Management
Information Base for Version 2 of the Simple Network Management
Protocol (SNMPv2) q, RFC 1907, January 1996.
[17] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB using
SMIv2", RFC 2233, Cisco Systems, FTP Software, November 1997.
[18] Case, J., Mundy, R., Partain, D., and B. Stewart, "Introduction to
Version 3 of the Internet-standard Network Management Framework",
RFC 2570, April 1999.
[19] Brown, C., and F. Baker, "Management Information Base for Frame
Relay DTEs Using SMIv2", RFC 2115, September 1997.
[20] Baker, F, "Requirements for IP Version 4 Routers", RFC 1812, June
1995.
[21] Hawkinson, J., and T. Bates, "Guidelines for Creation, Selection,
and Registration of an Autonomous System (AS)", RFC 1930,
March 1996.
[22] Decker, E., Langille, P., Rijsinghani, A., and K. McCloghrie,
"Definitions of Managed Objects for Bridges", RFC 1493, July 1993.
[23] Levi, D., and J. Schoenwaelder "Definitions of Managed Objects for
Scheduling Management Operations", RFC 2591, May 1999.
[24] Bell, E., Smith, A., Langille, P., Rijsinghani, A., and K.
McCloghrie, "Definitions of Managed Objects for Bridges with
Traffic Classes,
Various Authors [Page 63]
�
RFC DRAFT Expires July 2001 March 2001
Multicast Filtering and Virtual LAN Extensions, RFC 2674, August
1999.
[25] Baker, F., "IP Forwarding Table MIB", RFC 2096, January 1997.
[26] St. Johns, M., "Radio Frequency (RF) Interface Management Informa-
tion Base for MCNS/DOCSIS compliant RF interfaces", RFC 2670,
August 1999.
[27] Baker, F., and R. Coltun, "OSPF Version 2 Management Information
Base", RFC 1850, November 1995.
[28] Blake, S. Black, D., Carlson M., Davies E. Wang Z., Weiss W., "An
Architecture for Differentiated Services ", RFC 2475, December
1998.
[29] Willis, S. and J. Chu., "Definitions of Managed Objects for the
Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2",
RFC 1657, July 1994.
[30] Waldbusser, S."Remote Network Monitoring Management Information
Base", RFC 2819, May 2000.
[31] McCloghrie, K., and Kastenholz, F., "The Interfaces Group MIB",
RFC 2863, June 2000.
[32] McCloghrie, K., and Hanson, G., "The Inverted Stack Table Exten-
sion to the Interfaces Group MIB", RFC 2864, June 2000.
[33] McCloghrie, K. and Bierman, A., "Entity MIB (Version 2)", RFC
2737, December, 1999.
[34] ITU-T,, Recommendation M.3010.,
PRINCIPLES FOR ATELECOMMUNICATIONS MANAGEMENT NETWORK.
February, 2000.
12. EDITORS' ADDRESSES
Michael R. MacFaden
Riverstone Networks, Inc
5200 Great America Parkway
Santa Clara, CA 95054
email - mrm@riverstonenet.com
Various Authors [Page 64]
�
RFC DRAFT Expires July 2001 March 2001
Jon Saperia
JDS Consulting
174 Chapman Street
Watertown, MA 02472
email - saperia@mediaone.net
Wayne Tackabury
Gold Wire Technology
411 Waverley Oaks Rd.
Waltham, MA 02452
email - wayne@goldwiretech.com
13. INTELLECTUAL PROPERTY
The IETF takes no position regarding the validity or scope of any intel-
lectual property or other rights that might be claimed to pertain to
the implementation or use of the technology described in this document
or the extent to which any license under such rights might or might not
be available; neither does it represent that it has made any effort to
identify any such rights. Information on the IETF's procedures with
respect to rights in standards-track and standards-related documentation
can be found in BCP-11. Copies of claims of rights made available for
publication and any assurances of licenses to be made available, or the
result of an attempt made to obtain a general license or permission for
the use of such proprietary rights by implementors or users of this
specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary rights
which may cover technology that may be required to practice this stan-
dard. Please address the information to the IETF Executive Director.
14. Full Copyright Statement
Copyright (C) The Internet Society (2000). All Rights Reserved.
This document and translations of it may be copied and furnished to oth-
ers, and derivative works that comment on or otherwise explain it or
assist in its implementation may be prepared, copied, published and dis-
tributed, in whole or in part, without restriction of any kind, provided
Various Authors [Page 65]
�
RFC DRAFT Expires July 2001 March 2001
that the above copyright notice and this paragraph are included on all
such copies and derivative works. However, this document itself may not
be modified in any way, such as by removing the copyright notice or ref-
erences to the Internet Society or other Internet organizations, except
as needed for the purpose of developing Internet standards in which
case the procedures for copyrights defined in the Internet Standards
process must be followed, or as required to translate it into languages
other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FIT-
NESS FOR A PARTICULAR PURPOSE.
Table of Contents
1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Document Organization . . . . . . . . . . . . . . . . . . . . . 3
2. USING SNMP AS A CONFIGURATION MECHANISM . . . . . . . . . . . . . 3
2.1. Transactions and SNMP . . . . . . . . . . . . . . . . . . . . . 3
2.2. Practical Requirements for Transactional Control . . . . . . . 4
2.3. Best Practices in Configuration . . . . . . . . . . . . . . . . 5
3. DESIGNING A MIB MODULE . . . . . . . . . . . . . . . . . . . . . 7
3.1. MIB Module design . . . . . . . . . . . . . . . . . . . . . . . 8
3.1.1. Consistency in Modeling . . . . . . . . . . . . . . . . . . . 8
3.1.2. Designing Configuration Objects . . . . . . . . . . . . . . . 8
3.1.3. Naming MIB modules and Managed Objects . . . . . . . . . . . 9
3.1.4. Using Summary Objects and State Tracking . . . . . . . . . . 10
3.1.5. Advanced Synchronization Considerations . . . . . . . . . . . 12
3.1.6. Octet String Aggregations . . . . . . . . . . . . . . . . . . 15
3.1.7. Simple Integer Indexing . . . . . . . . . . . . . . . . . . . 17
3.1.8. Indexing with Network Addresses . . . . . . . . . . . . . . . 18
3.1.9. Fate sharing with multiple tables . . . . . . . . . . . . . . 18
3.1.10. Conflicting Controls . . . . . . . . . . . . . . . . . . . . 18
3.1.11. Textual Convention Usage . . . . . . . . . . . . . . . . . . 19
3.1.12. Persistent Configuration . . . . . . . . . . . . . . . . . . 20
3.1.13. Configuration Sets and Activation . . . . . . . . . . . . . 21
3.1.14. Usage of Row notReady Status . . . . . . . . . . . . . . . . 23
Various Authors [Page 66]
�
RFC DRAFT Expires July 2001 March 2001
3.1.15. SET operation Latency . . . . . . . . . . . . . . . . . . . 24
3.1.16. Application Error Reporting . . . . . . . . . . . . . . . . 26
3.1.17. Designing Notifications . . . . . . . . . . . . . . . . . . 27
3.1.18. Control of Notification Subsystem . . . . . . . . . . . . . 28
3.1.19. Transaction Control MIB Objects . . . . . . . . . . . . . . 28
3.1.20. MIB Modules and Instance Indexing . . . . . . . . . . . . . 29
3.1.21. Use of special optional clauses . . . . . . . . . . . . . . 29
3.1.22. Conceptual Table Modification Practices . . . . . . . . . . 30
3.1.23. MIB Object and Practice Reuse . . . . . . . . . . . . . . . 30
4. IMPLEMENTING SNMP CONFIGURATION AGENT . . . . . . . . . . . . . . 31
4.1. Operational Consistency . . . . . . . . . . . . . . . . . . . . 31
4.2. Handling Multiple Managers . . . . . . . . . . . . . . . . . . 32
4.3. Designing MIB Modules for Multiple Managers . . . . . . . . . . 32
4.4. Exposure of Row Object Modifiability . . . . . . . . . . . . . 33
5. DESIGNING CONFIGURATION MANAGEMENT SOFTWARE . . . . . . . . . . . 34
5.1. SNMP Configuration Management Sofware . . . . . . . . . . . . . 34
5.2. Protocol Operations . . . . . . . . . . . . . . . . . . . . . . 35
5.3. SET Operations . . . . . . . . . . . . . . . . . . . . . . . . 35
5.4. Configuration Transactions . . . . . . . . . . . . . . . . . . 36
5.5. Notifications . . . . . . . . . . . . . . . . . . . . . . . . . 37
5.6. Scale of the Management Software . . . . . . . . . . . . . . . 37
6. DEPLOYMENT AND SECURITY ISSUES . . . . . . . . . . . . . . . . . 37
6.1. Basic assumptions about Configuration . . . . . . . . . . . . . 40
6.2. Secure Agent Considerations . . . . . . . . . . . . . . . . . . 40
6.3. Authentication Traps . . . . . . . . . . . . . . . . . . . . . 40
6.4. Sensitive Information Handling . . . . . . . . . . . . . . . . 41
7. POLICY BASED MANAGEMENT . . . . . . . . . . . . . . . . . . . . . 41
7.1. Organization of Data in an SNMP-Based Policy System . . . . . . 42
7.2. Layering . . . . . . . . . . . . .. . . . . . .. . . . . . . . 42
7.3. Information Related to Policy Configuration . . . . . . . . . . 44
7.4. Policy, Mechanism/Implementation and Instance Specific Mod-
ules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7.5. Schedule and Time Issues . . . . . . . . . . . . . . . . . . . 46
7.6. Conflict Detection, Resolution and Error Reporting . . . . . . 46
7.7. Notifications in a Policy System . . . . . . . . . . . . . . . 47
7.8. Using Policy to Move Large Amounts of Data . . . . . . . . . . 47
8. EXAMPLE MIB MODULE FOR POLICY-BASED MANAGEMENT . . . . . . . . . 48
Various Authors [Page 67]
�