Network Working Group J. Schoenwaelder
Internet-Draft TU Braunschweig
Expires April 2000 22. October 1999
SNMP Protocol Operations for Invoking Operations
<draft-irtf-nmrg-snmp-ops-00.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026. Internet-Drafts are
working documents of the Internet Engineering Task Force (IETF), its
areas, and its working groups. Note that other groups may also
distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Distribution of this document is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document defines additional protocol operations for the Simple
Network Management Protocol (SNMP) that support more efficient
configuration management via SNMP. The CallRequest and CallResponse
PDUs add an RPC style operation invocation mechanism to SNMP. The
CompoundRequest and CompoundResponse PDUs add a mechanism to send
multiple SNMP operations in a single SNMP message.
Warning
This document has not been written in order to specify a solution.
Instead, this document has been written to stimulate (controversial)
discussions within the NMRG (and elsewhere).
Schoenwaelder [Page 1]
Internet-Draft SNMP Protocol Operations for Operations October 1999
Table of Contents
1 Introduction
2 Definitions
3 PDU Processing
4 Usage Examples
5 Open Issues
6 Security Considerations
7 Authors' Address
8 References
9 Full Copyright Statement
1. Introduction
The Simple Network Management Protocol (SNMP) is successfully used
for tasks such as statistics gathering, status monitoring, topology
discovery or event generation/distribution. All these application
areas have in common that they mainly require read access to network
elements. SNMP has been less successful as a network control protocol
that is actually used to configure and exercise control over network
elements.
One often cited reason for the limited usage as a network
configuration or control protocol is the lack of security mechanisms
in the widely deployed SNMP protocol version 1 (SNMPv1). Recent work
on SNMP version 3 (SNMPv3) adds strong message security and access
control mechanisms to SNMP. Work on SNMPv3 also adds remote
administration MIBs that allow the configuration parameters
associated with an SNMP engine to be configured.
Another reason for the limited success of SNMP as a network
configuration or control protocol lies in the properties of the SNMP
SetRequest protocol operation:
(1) The SetRequest operation allows a command generator to build
arbitrarily complex operations that are hard to handle correctly
on a command responder.
(2) The SetRequest operation does not impose an ordering in the
varbind list nor does it impose an ordering in the processing of
the varbind list.
(3) The SetRequest operation does not return result values upon
successful completion of the operation.
(4) The SetRequest operation does not return set request specific
error codes.
(5) It is generally hard to implement complex operations as side
effects of write operations to variables of simple types.
(6) The message size constraints that result from the underlying
transports for SNMP messages have led to MIBs where complex
write operations may be realized by a sequence of less complex
write operations (dribble mode).
(7) The dribble mode adds complexity since SNMP allows concurrent
access to a command responder from multiple SNMP command
generators. This leads to additional complexity (e.g. spin
locks) in order to serialize concurrent attempts to perform
complex write operations.
This document defines two new protocol operations (CallRequest and
CallResponse) that add an RPC style operation invocation mechanism to
SNMP. Operations are formally defined using an SMIv2 extension and
identified by an object identifier [SMIv2OPS]. Operations take a
sequence of arguments and return either a sequence of results, an
operation specific error code or a generic protocol error code.
Two additional protocol operations (CompoundRequest and
CompoundResponse) can be used to bind multiple SNMP operations
together and to process them in a single SNMP message. This can be
used to bind several related operations into a single transaction and
reduces the overall message and security processing overhead.
2. Definitions
SNMP-OPS-PDU DEFINITIONS ::= BEGIN

IMPORTS
    ObjectSyntax
        FROM SNMPv2-SMI
    GetRequest-PDU, GetNextRequest-PDU, GetBulkRequest-PDU,
    Response-PDU, SetRequest-PDU, InformRequest-PDU,
    SNMPv2-Trap-PDU, Report-PDU, max-bindings
        FROM SNMPv2-PDU;

max-pdus
    INTEGER ::= 2147483647

PDUs ::= CHOICE {
    get-request
        GetRequest-PDU,
    get-next-request
        GetNextRequest-PDU,
    get-bulk-request
        GetBulkRequest-PDU,
    response
        Response-PDU,
    set-request
        SetRequest-PDU,
    inform-request
        InformRequest-PDU,
    snmpV2-trap
        SNMPv2-Trap-PDU,
    report
        Report-PDU,
    call-request
        CallRequest-PDU,
    call-response
        CallResponse-PDU
}

CallRequest-PDU ::= [42] IMPLICIT OPS-PDU
CallResponse-PDU ::= [43] IMPLICIT OPS-PDU
CompoundRequest-PDU ::= [44] IMPLICIT COMP-PDU
CompoundResponse-PDU ::= [45] IMPLICIT COMP-PDU

OPS-PDU ::= SEQUENCE {
    request-id
        INTEGER (-2147483648..2147483647),
    error-status
        INTEGER {
            noError(0),
            tooBig(1),
            noSuchName(2),    -- for proxy compatibility
            badValue(3),      -- for proxy compatibility
            readOnly(4),      -- for proxy compatibility
            genErr(5),
            noAccess(6),
            wrongType(7),
            wrongLength(8),
            wrongEncoding(9),
            wrongValue(10),
            noCreation(11),
            inconsistentValue(12),
            resourceUnavailable(13),
            commitFailed(14),
            undoFailed(15),
            authorizationError(16),
            notWritable(17),
            inconsistentName(18),
            noErrorMoreFollows(19)
        },
    error-index
        INTEGER (0..max-bindings),    -- or sequence number
    values
        ValueList
}

ValueList ::= SEQUENCE (SIZE (0..max-bindings)) OF ObjectSyntax

COMP-PDU ::= SEQUENCE {
    request-id
        INTEGER (-2147483648..2147483647),
    error-status
        INTEGER {
            noError(0),
            tooBig(1),
            noSuchName(2),    -- for proxy compatibility
            badValue(3),      -- for proxy compatibility
            readOnly(4),      -- for proxy compatibility
            genErr(5),
            noAccess(6),
            wrongType(7),
            wrongLength(8),
            wrongEncoding(9),
            wrongValue(10),
            noCreation(11),
            inconsistentValue(12),
            resourceUnavailable(13),
            commitFailed(14),
            undoFailed(15),
            authorizationError(16),
            notWritable(17),
            inconsistentName(18),
            noErrorMoreFollows(19)
        },
    error-index
        INTEGER (0..max-pdus),    -- or sequence number
    pdus
        PduList
}

PduList ::= SEQUENCE (SIZE (0..max-pdus)) OF PDUs

END
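The definitions above give the new PDUs context-specific tags 42 to 45, which do not fit the single identifier octet used by the RFC 1905 PDUs (for example 0xA3 for SetRequest-PDU), so a CallRequest-PDU starts with the two octets 0xBF 0x2A. The following Python code is an added example, not part of the draft: it encodes a CallRequest-PDU in BER and checks the outer framing of a received PDU. The function names are assumptions, and values are limited to INTEGER and OCTET STRING.

```python
# Added example, not from the draft. Values are limited to INTEGER and OCTET STRING.
PDU_TAGS = {42: "CallRequest", 43: "CallResponse", 44: "CompoundRequest", 45: "CompoundResponse"}

def ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(ident, content):
    return ident + ber_len(len(content)) + content

def ber_value(v):
    if isinstance(v, bytes):
        return tlv(b"\x04", v)                      # OCTET STRING
    size = (v if v >= 0 else ~v).bit_length() // 8 + 1
    return tlv(b"\x02", v.to_bytes(size, "big", signed=True))  # minimal INTEGER

def ctx_tag(n):
    if n < 31:
        return bytes([0xA0 | n])                    # low form, e.g. [3] -> A3
    octets = [n & 0x7F]
    while n := n >> 7:
        octets.append(0x80 | (n & 0x7F))
    return bytes([0xBF] + octets[::-1])             # high-tag-number form

def encode_call_request(request_id, values):
    value_list = tlv(b"\x30", b"".join(ber_value(v) for v in values))
    body = ber_value(request_id) + ber_value(0) + ber_value(0) + value_list
    return tlv(ctx_tag(42), body)                   # IMPLICIT: [42] replaces 0x30

def read_pdu_header(buf):
    """Return (PDU name, content octets); raise ValueError on bad framing."""
    if len(buf) < 2 or buf[0] & 0xE0 != 0xA0:
        raise ValueError("not a context-specific constructed tag")
    pos, tag = 1, buf[0] & 0x1F
    if tag == 0x1F:                                 # tag number follows
        if buf[1] & 0x80 or buf[1] < 31:
            raise ValueError("multi-octet or non-minimal tag")
        pos, tag = 2, buf[1]
    if pos >= len(buf) or buf[pos] == 0x80:         # SNMP forbids indefinite form
        raise ValueError("truncated or indefinite length")
    n, pos = buf[pos], pos + 1
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if tag not in PDU_TAGS or pos + n != len(buf):
        raise ValueError("unknown PDU tag or length mismatch")
    return PDU_TAGS[tag], buf[pos:]
```

A decoder written for the single-octet PDU tags of RFC 1905 will not recognise these PDUs unless it handles the high-tag-number form.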
3. PDU Processing
TBD
4. Usage Examples
5. Open Issues
1. need to support linked Return-PDUs, similar to linked
Response-PDUs: where to allocate the missing bit?
2. error-status indicates whether values in response contain
results, exceptions or arguments
3. error-status and error-index are most likely not used in a
COMP-PDU (other than having a sequence number in there).
4. where to encode the operation name (OID)?
5. what to do about access control? for which objects do you call
isAccessAllowed()?
6. allow a compound PDU within a compound PDU?
7. what about a GetConfig-PDU?
6. Security Considerations
This document defines new SNMP protocol operations to invoke
operations on collections of MIB objects and to combine multiple SNMP
operations into a single SNMP message.
Message security is not affected by these new protocol operations.
Message security therefore depends on the security model used by the
message format.
Compound SNMP operations are processed as if they were sent in a
sequence of separate messages. Thus, each protocol operation
contained in a compound SNMP operation is still subject to its own
access control processing.
Operations that invoke operations on collections of MIB objects rely
on the access control for the MIB objects. (TBD)
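One way a command responder could apply the rule above, shown as an added Python example that is not part of the draft: every PDU inside a compound gets its own view check, and anything the draft leaves undefined (nested compounds, CallRequest access control) is refused. The cap MAX_PDUS, the view table, the principal names and the dict-based PDU representation are assumptions; the example reports the access decision only, not the response encoding.

```python
# Added example, not from the draft. MAX_PDUS, VIEWS and the dict-based PDU
# representation are hypothetical stand-ins for an agent's real configuration.
MAX_PDUS = 16  # local receive cap; the draft's max-pdus is 2147483647
# Only get-request and set-request are modelled here.
VIEW_TYPE = {"get-request": "read", "set-request": "write"}
# Constructed view table: principal -> subtree OIDs per view type.
VIEWS = {"operator": {"read": ["1.3.6.1.2.1"], "write": ["1.3.6.1.2.1.2.2.1.7"]}}

def in_view(oid, subtrees):
    # Compare sub-identifiers, not characters: 1.3.6.1.2.1.20 is outside 1.3.6.1.2.1.2.
    parts = oid.split(".")
    return any(parts[:len(s.split("."))] == s.split(".") for s in subtrees)

def check_pdu(principal, pdu):
    """Decide one contained PDU as if it had arrived in its own message."""
    view_type = VIEW_TYPE.get(pdu["op"])
    if view_type is None:
        # Nested compounds and call-requests: the draft leaves the rule open, so fail closed.
        return "deny: no access rule for " + pdu["op"]
    subtrees = VIEWS.get(principal, {}).get(view_type, [])
    for index, oid in enumerate(pdu["oids"], start=1):
        if not in_view(oid, subtrees):
            return f"deny: varbind {index} not in {view_type} view"
    return "permit"

def check_compound(principal, pdus):
    if len(pdus) > MAX_PDUS:
        return ["deny: too many PDUs"]
    return [check_pdu(principal, pdu) for pdu in pdus]

# Constructed CompoundRequest contents.
SAMPLE = [
    {"op": "get-request", "oids": ["1.3.6.1.2.1.1.3.0"]},
    {"op": "set-request", "oids": ["1.3.6.1.2.1.2.2.1.7.3", "1.3.6.1.2.1.1.5.0"]},
    {"op": "compound-request", "pdus": []},
    {"op": "call-request", "values": [1]},
]

if __name__ == "__main__":
    for pdu, decision in zip(SAMPLE, check_compound("operator", SAMPLE)):
        print(pdu["op"], "->", decision)
```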
7. Authors' Address
Juergen Schoenwaelder
TU Braunschweig
Bueltenweg 74/75
38106 Braunschweig
Germany
Phone: +49 531 391-3283
EMail: schoenw@ibr.cs.tu-bs.de
8. References
[ASN1] Information processing systems - Open Systems
Interconnection - Specification of Abstract Syntax
Notation One (ASN.1), International Organization for
Standardization. International Standard 8824, December,
1987
[RFC1905] Case, J., McCloghrie, K., Rose, M., and S. Waldbusser,
"Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2)", RFC 1905, January 1996
[SMIv2OPS] J. Schoenwaelder, "Operation-Types for SMIv2",
<draft-irtf-nmrg-smi-ops-00.txt>, October 1999
9. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.