Network Working Group                                   J. Schoenwaelder
Internet-Draft                                           TU Braunschweig
Expires: September 18, 2002                               March 20, 2002


                    SNMP over TCP Transport Mapping
                    draft-irtf-nmrg-snmp-tcp-08.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 18, 2002.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This memo defines a transport mapping for using the Simple Network
   Management Protocol (SNMP) over TCP.  The transport mapping can be
   used with any version of SNMP.  This document extends the transport
   mappings defined in RFC 1906.











Schoenwaelder          Expires September 18, 2002               [Page 1]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  SNMP over TCP  . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.1 Serialization  . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.2 Well-Known Values  . . . . . . . . . . . . . . . . . . . . . .  4
   2.3 Connection Management  . . . . . . . . . . . . . . . . . . . .  4
   2.4 Reliable Transport versus Confirmed Operations . . . . . . . .  5
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . .  6
   4.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . .  6
       References . . . . . . . . . . . . . . . . . . . . . . . . . .  7
       Author's Address . . . . . . . . . . . . . . . . . . . . . . .  8
   A.  Connection Establishment Alternatives  . . . . . . . . . . . .  8
       Full Copyright Statement . . . . . . . . . . . . . . . . . . . 10





































Schoenwaelder          Expires September 18, 2002               [Page 2]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


1. Introduction

   This memo defines a transport mapping for using the Simple Network
   Management Protocol (SNMP) [1] over TCP [2].  The transport mapping
   can be used with any version of SNMP.  This document extends the
   transport mappings defined in RFC 1906 [3].

   The SNMP over TCP transport mapping is an optional transport mapping.
   SNMP protocol engines that implement the SNMP over TCP transport
   mapping MUST also implement the SNMP over UDP transport mapping as
   defined in RFC 1906 [3].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [4].

2. SNMP over TCP

   SNMP over TCP is an optional transport mapping.  It is primarily
   defined to support more efficient bulk transfer mechanisms within the
   SNMP framework [5].

   The originator of a request/response transaction chooses the
   transport protocol for the entire transaction.  The transport
   protocol MUST NOT change during a transaction.

   In general, originators of request/response transactions are free to
   use the transport they assume is the best in a given situation.
   However, since TCP has a larger footprint on resource usage than UDP,
   engines using SNMP over TCP may choose to switch back to UDP by
   refusing new TCP connections whenever necessary (e.g.  too many open
   TCP connections).

   When selecting the transport, it is useful to consider how SNMP
   interacts with TCP acknowledgements and timers.  In particular,
   infrequent SNMP interactions over TCP may lead to additional IP
   packets carrying acknowledgements for SNMP responses if there is no
   chance to piggyback them.  Furthermore, it is recommended to
   configure SNMP timers to fire later when using SNMP over TCP to avoid
   application specific timeouts before the TCP timers have expired.

2.1 Serialization

   Each instance of a message is serialized into a single BER-encoded
   message, using the algorithm specified in Section 8 of RFC 1906 [3].
   The BER-encoded message is then sent over a TCP connection.  An SNMP
   engine MUST NOT interleave SNMP messages within the TCP byte stream.
   All the bytes of one SNMP message must be sent before any bytes of a



Schoenwaelder          Expires September 18, 2002               [Page 3]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   different SNMP message.

   It is possible to exchange multiple SNMP request/response pairs over
   a single (persistent) TCP connection.  TCP connections are per
   default full-duplex and data can travel in both directions at
   different speeds.  It is therefore possible to send multiple SNMP
   messages to a remote SNMP engine before receiving responses from the
   same SNMP engine.  Note that an SNMP engine is not required to return
   responses in the same order as it received the requests.

   It is possible that the underlying TCP implementation delivers byte
   sequences that do not coincide with SNMP message boundaries.  A
   receiving SNMP engine MUST therefore use the length field in the BER-
   encoded SNMP message to separate multiple requests sent over a single
   TCP connection.

2.2 Well-Known Values

   It is RECOMMENDED that administrators configure their SNMP entities
   containing command responders to listen on TCP port 161 for incoming
   connections.  It is also RECOMMENDED that SNMP entities containing
   notification receivers be configured to listen on TCP port 162 for
   connection requests.

   SNMP over TCP transport addresses are identified by using the generic
   TCP transport domain and address definitions provided by RFC xxxx [6]
   which cover TCP over IPv4 and IPv6.

   When an SNMP entity uses the TCP transport mapping, it MUST be
   capable of accepting messages that are at least 8192 octets in size.
   Implementation of larger values is encouraged whenever possible.

2.3 Connection Management

   The use of TCP connections introduces costs [7].  Connection
   establishment and teardown cause additional network traffic.
   Furthermore, maintaining open connections binds resources in the
   network layer of the underlying operating system.

   SNMP over TCP is intended to be used when the size of the transferred
   data is large since TCP offers flow control and efficient
   segmentation.  The transport of large amounts of management data via
   SNMP over UDP requires many request/response interactions with small-
   sized SNMP over UDP messages, which causes latency to increase
   excessively.

   TCP connections are established on behalf of the SNMP applications
   which initiate a transaction.  In particular, command generator



Schoenwaelder          Expires September 18, 2002               [Page 4]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   applications are responsible for opening TCP connections to command
   responder applications and notification originator applications are
   responsible to initiate TCP connections to notification receiver
   applications, which are selected as described in Section 3 of RFC
   2573 [8].  If the TCP connection cannot be established, then the
   transaction is aborted and reported to the application as a timeout
   error condition.  Alternative connection establishment procedures are
   discussed in Appendix A but are not part of this specification.

   All SNMP entities (whether in an agent role or manager role) can
   close TCP connections at any point in time.  This ensures that SNMP
   entities can control their resource usage and shut down TCP
   connections that are not used.  Note that SNMP engines are not
   required to process SNMP messages if the incoming half of the TCP
   connection is closed while the outgoing half remains open.

   The processing of any outstanding SNMP requests when both sides of
   the TCP connection have been closed is implementation dependent.  The
   sending SNMP entity SHOULD therefore not make assumptions about the
   processing of outstanding SNMP requests once a TCP connection is
   closed.  A timeout error condition SHOULD be signalled for confirmed
   requests if the TCP connection is closed before a response has been
   received.

2.4 Reliable Transport versus Confirmed Operations

   The transport of SNMP messages over TCP results in a reliable
   exchange of SNMP messages between SNMP engines.  In particular, TCP
   guarantees (in the absence of security attacks) that the delivered
   data is not damaged, lost, duplicated, or delivered out of order [2].

   The SNMP protocol has been designed to support confirmed as well as
   unconfirmed operations [9].  The inform-request protocol operation is
   an example for a confirmed operation while the snmpV2-trap operation
   is an example for an unconfirmed operation.

   There is an important difference between an unconfirmed protocol
   operation sent over a reliable transport and a confirmed protocol
   operation.  A reliable transport such as TCP only guarantees that
   delivered data is not damaged, lost, duplicated, or delivered out of
   order.  It does not guarantee that the delivered data was actually
   processed in any way by the application process.  Furthermore, even a
   reliable transport such as TCP cannot guarantee that data sent to a
   remote system is eventually delivered on the remote system.  Even a
   graceful close of the TCP connection does not guarantee that the
   receiving TCP engine has actually delivered all the data to an
   application process.




Schoenwaelder          Expires September 18, 2002               [Page 5]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   With a confirmed SNMP operation, the receiving SNMP engine
   acknowledges that the data was actually received.  Depending on the
   SNMP protocol operation, a confirmation may indicate that further
   processing was done.  For example, the response to an inform-request
   protocol operation also indicates to the notification originator that
   the notification passed the security model and that it was delivered
   to the notification receiver application.  Similarily, the response
   to a set-request indicates that the data passed the transport, the
   authentication mechanism and that the write request was actually
   processed by the command responder.

   A reliable transport is thus only a poor approximation for confirmed
   operations.  Applications that need confirmation of delivery or
   processing are encouraged to use the confirmed operations, such as
   the inform-request, rather than using unconfirmed operations, such as
   snmpV2-trap, over a reliable transport.

3. Security Considerations

   It is recommended that implementors consider the security features as
   provided by the SNMPv3 framework in order to provide SNMP security.
   Specifically, the use of the User-based Security Model RFC 2574 [10]
   and the View-based Access Control Model RFC 2575 [11] is recommended.

   It is then a customer/user responsibility to ensure that the SNMP
   entity giving access to a MIB is properly configured to give access
   to the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change) them.

   The SNMP over TCP transport mapping does not have any impact on the
   security mechanisms provided by SNMPv3.  However, SNMP over TCP may
   introduce new vulnerabilities to denial of service attacks (such as
   TCP syn flooding) that do not exist in this form in other transport
   mappings.

4. Acknowledgments

   This document is the result of discussions within the Network
   Management Research Group (NMRG) of the Internet Research Task
   Force[12] (IRTF).  Special thanks to Luca Deri, Jean-Philippe Martin-
   Flatin, Aiko Pras, Ron Sprenkels, and Bert Wijnen for their comments
   and suggestions.

   Additional useful comments have been made by Mike Ayers, Jeff Case,
   Mike Daniele, David Harrington, Lauren Heintz, Keith McCloghrie,
   Olivier Miakinen, and Dave Shield.

   Luca Deri, Wes Hardaker, Bert Helthuis, and Erik Schoenfelder helped



Schoenwaelder          Expires September 18, 2002               [Page 6]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   to create prototype implementations.  The SNMP over TCP transport
   mapping is currently supported by the NET-SNMP package[13] and the
   Linux CMU SNMP package[14].

References

   [1]   Case, J., Mundy, R., Partain, D. and B. Stewart, "Introduction
         to Version 3 of the Internet-standard Network Management
         Framework", RFC 2570, April 1999.

   [2]   Postel, J., "Transmission Control Protocol", STD 7, RFC 793,
         September 1981.

   [3]   Case, J., McCloghrie, K., Rose, M. and S. Waldbusser,
         "Transport Mappings for Version 2 of the Simple Network
         Management Protocol (SNMPv2)", RFC 1906, January 1996.

   [4]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [5]   Sprenkels, R. and J. Martin-Flatin, "Bulk Transfers of MIB
         Data", Simple Times 7(1), March 1999.

   [6]   Daniele, M. and J. Schoenwaelder, "Textual Conventions for
         Transport Addresses", draft-ietf-ops-taddress-mib-02, March
         2002.

   [7]   Kastenholz, F., "SNMP Communications Services", RFC 1270,
         October 1991.

   [8]   Levi, D., Meyer, P. and B. Stewart, "SNMP Applications", RFC
         2573, April 1999.

   [9]   Harrington, D., Presuhn, R. and B. Wijnen, "An Architecture for
         Describing SNMP Management Frameworks", RFC 2571, April 1999.

   [10]  Blumenthal, U. and B. Wijnen, "User-based Security Model (USM)
         for version 3 of the Simple Network Management Protocol
         (SNMPv3)", RFC 2574, April 1999.

   [11]  Wijnen, B., Presuhn, R. and K. McCloghrie, "View-based Access
         Control Model (VACM) for the Simple Network Management Protocol
         (SNMP)", RFC 2575, April 1999.

   [12]  <http://www.irtf.org/>

   [13]  <http://net-snmp.sourceforge.net/>




Schoenwaelder          Expires September 18, 2002               [Page 7]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   [14]  <http://www.gaertner.de/snmp/>


Author's Address

   Juergen Schoenwaelder
   TU Braunschweig
   Bueltenweg 74/75
   38106 Braunschweig
   Germany

   Phone: +49 531 391-3283
   EMail: schoenw@ibr.cs.tu-bs.de

Appendix A. Connection Establishment Alternatives

   This memo defines a simple connection establishment scheme where the
   notification originator or command generator application is
   responsible to establish TCP connections to notification receiver or
   command responder applications.  The purpose of this section is to
   document variations or alternatives of this scheme which have been
   discussed during the development of this specification.  The
   discussion below focuses on notification originator applications
   since this is case where people seem to have diverging viewpoints.
   The discussion below also assumes that the reader is familiar with
   the SNMPv3 notification forwarding model as defined in RFC 2573 [8].

   The variations that have been discussed are basically driven by the
   idea to provide fallback mechanisms in cases where TCP connection
   establishment from the notification originator to the notification
   receiver fails.  The approach specified in this memo simply drops
   notifications if the TCP connection cannot be established.  This
   implies that notification originators which need reliable
   notification delivery must implement a local notification log in
   order to keep a history of notifications that could not be delivered.

   Another option is to deliver notifications via UDP in case TCP
   connection establishment fails.  This might require to augment the
   snmpTargetTable with columns that provide information about the
   alternate UDP transport domain and address.  In general, this
   approach only helps to deliver notifications in cases where the
   notification receiver is unable to accept more TCP connections.  In
   other fault scenarios (e.g.  routing problems in the network), the
   UDP packet would have no or only marginally better chances to reach
   the notification receiver.  This implies that notification
   originators which need reliable notification delivery still need to
   implement a local notification log in order to keep a history of
   notifications in cases the UDP packets do not reach the destination.



Schoenwaelder          Expires September 18, 2002               [Page 8]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


   A generalization of this approach leads to the idea of a sparse
   augmentation of the snmpTargetTable which lists alternate fallback
   transports endpoints of arbitrary transport domains.  Multiple
   fallbacks may be possible by using a tag list approach.  This
   provides a generic transport independent fallback mechanism which is
   independent of the TCP transport mapping defined in this memo.

   Another alternative is to make the notification originator
   responsible to retry connection establishment.  This could be
   accomplished by augmenting the snmpTargetTable with additional
   columns that specify retry counts and timeouts or by adapting the
   existing snmpTargetAddrTimeout and snmpTargetAddrRetryCount columns
   in the snmpTargetTable.  But even this approach requires a local
   notification log in order to handle situations where all retries have
   failed.

   A fundamentally different approach is to make the notification
   receiver responsible to establish the TCP connection to the
   notification originator.  This approach has the advantage that the
   notification originator does not necessarily need a list of pre-
   configured notification receiver transport addresses.  The current
   notification forwarding model however relies on the snmpTargetTable
   to identify notification targets.  So the question comes up whether
   (a) new entries are added to the snmpTargetTable when a connection is
   established or whether (b) connections are only accepted if they
   match pre-configured snmpTargetTable entries.  Note that the target
   selection logic relies on a tag list which can not be reasonably
   populated when a connection is accepted.  So only option (b) seems to
   be compliant with the current notification forwarding logic.  Another
   issue to consider is the vulnerability to denial of service attacks.
   A notification originator can be easily attacked by syn-flooding
   attacks if it listens for incoming TCP connections.  Finally, in
   order to let notification originator and notification receiver
   appplications coexist easily on a single system, it would be
   necessary to assign new default port numbers on which notification
   originators listen for incoming TCP connections.















Schoenwaelder          Expires September 18, 2002               [Page 9]


Internet-Draft       SNMP over TCP Transport Mapping          March 2002


Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Schoenwaelder          Expires September 18, 2002              [Page 10]